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Linux  user  Mike  Prince  plans  to  test  server  virtualization 
software  that’s  due  to  be  supported  in  the  Linux  kernel.  PAGE  4 


Don  Tennant  says  know-nothing  U.S.  legislators  are  wrong  to  raise 
national  security  questions  about  the  IBM-Lenovo  deal.  PAGE  18 
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Telecom  Consolidation 
Raises  Concerns  for  U 


Users  expect  decreased  competition,  worry 
about  possible  impact  on  customer  service 


BY  MATT  HAMBLEN 

Network  managers  are  bracing 
for  changes  amid  the  merger 
frenzy  in  the  telecommunica¬ 
tions  industry,  which  intensi¬ 
fied  last  week  with  SBC  Com¬ 
munications  Inc.’s  agreement 
to  buy  AT&T  Corp.  and  re¬ 
ports  that  Qwest  Communica¬ 
tions  International  Inc.  was  in 
talks  to  gobble  up  MCI  Inc. 

In  the  long  term,  the  ongo¬ 
ing  consolidation  will  likely 
reduce  the  choices  that  corpo¬ 


rate  users  have  when  they  put 
their  network  services  con¬ 
tracts  out  for  bid,  some  users 
and  analysts  said. 

But  several  AT&T  cus¬ 
tomers  noted  that  their  imme¬ 
diate  concerns  are  making 
sure  that  SBC  honors  their 
contracts  and  finding  out  how 
proposed  layoffs  of  more  than 
12,000  workers  over  the  next 
year  will  alter  the  account 
teams  they  rely  upon  to  set  up 
Telecom,  page  43 


Sun  Plans  to 
Offer  Hourly 
Rates  on  CPUs 

Vendor  to  sell  access  to 
systems  on  utility  basis 

BY  PATRICK  THIBODEAU 

Arguing  that  computing 
power  is  no  different  than 
electric  power,  Sun 
Microsystems  Inc. 
last  week  said  it 
will  allow  users  to 
buy  CPU  cycles  on 
an  hourly  basis,  ei¬ 
ther  directly  from 


Sun  or  through  an  electron¬ 
ic  trading  market. 

Corporate  users  in 
search  of  computing  time, 
as  well  as  speculators,  will 
be  able  to  bid  on  available 
CPU  hours  through  Archi¬ 
pelago  Holdings  Inc.,  a 
Chicago-based  electronic 
stock  exchange.  For  exam¬ 
ple,  a  company  that  buys 
10,000  CPU  hours 
through  the  new  Sun 
Grid  compute  utility 
plan  and  then  dis¬ 
covers  that  it  needs 
just  8,000  could  sell 
Sun,  page  16 


In  this  labor 
market,  it’s 
tempting  to  hire 
an  outsider  as 
your  next  IT 
manager.  But 
sometimes  it’s 
better  to  grow 
your  own. 

PAGE  33 
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Arkansas  Set  to  Pull  the  Rug 
On  Second  Budgeting  App 

Says  third-party  tool  isn’t  working;  lawsuit 
continues  against  SAP  over  initial  software 


BY  MARC  L.  SONGINI 

The  state  of  Arkansas  is  on 
the  verge  of  unplugging  a 
balky  portion  of  a  budgeting 
application  written  by  a 
third-party  software  develop¬ 
er,  a  move  that  is  connected 
to  ongoing  litigation  between 
the  state  and  SAP  AG. 

The  lawsuit,  filed  in  the 
Circuit  Court  of  Pulaski 
County,  Ark.,  four  years  ago, 
alleges  that  an  initial  budget¬ 


ing  application  delivered  by 
SAP  failed  to  work  as  prom¬ 
ised  and  that  the  state’s  core 
IT  system  based  on  SAP’s 
R/3  software  didn’t  meet 
specifications  for  accessibili¬ 
ty  by  handicapped  users. 

For  more  coverage  of  ERP 
applications,  go  to  our  Web  site: 

QuickLink  k2000 
www.computerworld.com 


A  spokesman  for  Arkansas 
Gov.  Mike  Huckabee  con¬ 
firmed  that  a  so-called  per¬ 
formance-based  budgeting 
tool  will  be  turned  off  at  an 
as  yet  undetermined  time. 

The  application  was  to  be 
part  of  the  state’s  ERP  back¬ 
bone,  known  as  the  Arkansas 
Administrative  Statewide  In¬ 
formation  System.  AASIS 
went  live  in  July  2001  and  is 
built  primarily  around  R/3. 
Two  state  officials  agreed 
that  other  than  the  issues 
outlined  in  the  lawsuit,  the 
AASIS  implementation  has 
been  successful,  despite  sig¬ 
nificant  cost  overruns. 

The  state  currently  puts 

Arkansas,  page  16 
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Make  a  name  for  yourself 
with  Windows  Server  System. 


Microsoft 

Your  potential.  Our  passion.  " 


"Instead  of  putting  out  fires,  we  now  focus 
on  ways  we  can  deploy  new  technologies 
that  benefit  our  customer  service" 

Dave  Chacon 

Manager,  Technical  Services,  PING 


Microsoft  Windows  Server  System  makes  it  easier  for 
golf  club  maker  PING  to  manage  the  infrastructure 
serving  their  400  end  users.  Here's  how:  By  using 
Windows  Server  2003  with  Active  Directory,®  PING 
now  centrally  manages  all  its  servers,  desktops, 
and  end  users  from  one  location.  This  cut  annual 
administrative  time  by  800  hours.  Time  that  can  now 
be  spent  developing  new  ways  to  support  customers, 
partners,  and  employees.  Software  that's  easier  to 
manage  is  software  that  helps  you  do  more  with  less. 
Get  the  full  PING  story  at  microsoft.com/wssystem 


Windows  Server  System™  includes: 


Server  OS 

Windows  Server™ 

Operations  Infrastructure 

Systems  Management  Server 

Operations  Manager 

Internet  Security  &  Acceleration  Server 

Windows1*1  Storage  Server 

Application  Infrastructure 

SQL  Server™ 

BizTalk®  Server 

Commerce  Server 

Host  Integration  Server 

Information  Work  Infrastructure 

Exchange  Server 

Content  Management  Server 

Office  SharePoint™  Portal  Server 

Office  Live  Communications  Server 


NAME 

Mr.  40%  Less 
Time  Spent  on 
Maintenance  and 
Administration 


PING 
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We’re  inspired  by  the  human  side  of  data.  Data  mobility  is  more  than  moving  1’s  and  0’s  around 


■%£|lf’s  about  letting  people  work  how  and  where  they  want  to,  even  where  the  waves  are.  That’s  why 
.  .«Hidurable  Hitachi  hard  disk  drives  are  the  industry  choice  for  PDAs,  laptops,  and 
«  ^  The  smallest  Microdrive '  to  the  largest  SAN  solution,  Data  Storage  from  Hitachi. 


,  and  surfers  alike.  From 
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Inspire  the  Next 


02.0705 


Command  &  Control 

In  the  Technology  section:  To  turn  a  ragtag  bunch 
of  security  assets  into  an  elite  defensive  unit, 
companies  are  turning  to  security  information 
management  software,  which  is  designed  to  sim¬ 
plify  management,  provide  greater  visibility  and 
improve  response  times.  Page  21 


Modeling  Magic 

Also  in  the  Technology  section:  After  a  slow  start, 
operations  research,  with  its  reliance  on  com¬ 
plex  analytics,  is  now  a  key  process  at  Procter 
&  Gamble,  says  Glenn  Wegryn.  And  it’s  not  just 
for  addressing  supply  chain  questions.  Page  26 
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4  Support  for  Xen,  a  technology 
that  provides  server  virtual¬ 
ization  capabilities,  may  be 
added  to  the  Linux  kernel  lat¬ 
er  this  year,  developers  say. 

5  The  Chicago  Housing 
Authority  uses  AI  techniques 
to  ease  a  $1.6  billion  public 
housing  project. 

5  Electronic  health  records  get 

a  boost  from  pilot  programs  in 
the  U.S.  and  Canada. 

10  A  hashing  algorithm  used 
on  some  content  addressed 
storage  devices  could  be  vul¬ 
nerable  to  hackers,  security 
experts  warn. 

10  VoIP  technology  is  maturing, 
but  users  are  still  looking  for 
applications  that  will  provide 
payback  on  their  investments. 

12  NIST  has  published  a  set  of 

security  guidelines  that  may 
eventually  apply  to  all  federal 
information  systems. 

12  AutoWeb  launches  a  real-time 
collaboration  service  for  the 
auto  industry  that  allows  data 
sharing  without  new  software. 

14  Global  Dispatches:  A  study 
says  China  isn’t  yet  a  threat  to 
India’s  outsourcing  industry; 
and  German  retailer  Metro 
AG  says  it’s  getting  99%  read 
rates  on  RFID  tags  at  its 
biggest  distribution  center. 

17  Q&A:  SAP  CEO  Henning 
Kagermann  says  an  open  ap¬ 
plication  platform  due  in  2007 
will  give  his  company  an  edge 
in  its  battle  against  Oracle. 


28  QuickStudy:  Bayesian  Logic 
and  Filters.  Bayesian  logic  is 
a  type  of  statistical  analysis 
that  can  quantify  an  uncertain 
outcome  by  determining  its 
probability  of  occurrence. 
Bayesian  filters  are  used  in 
spam-control  software. 

30  Security  Manager’s  Journal: 
Keeping  Wireless  Rogues  in 
Check.  It  took  months  of  test¬ 
ing  and  wrestling  with  budget 
constraints,  but  Mathias 
Thurman  has  finally  come  up 
with  a  wireless  policy. 
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33  Buy  or  Build?  Adding  IT 
managers?  The  crowded  IT 
job  market  is  a  great  place  to 
pick  them  up,  but  there’s  still 
a  lot  to  be  said  for  building 
skills  the  old-fashioned  way. 

36  Think  Tank.  Many  U.S.  Web 
sites  fail  to  provide  Spanish- 
language  content  for  the  fast¬ 
growing  Hispanic  population 
online;  and  a  new  book  says 
competitive  advantage  will 
come  from  finding  the  right 
mix  of  machines  and  people. 

37  IT  Mentor:  So  You  Want  to  Be 
a  CIO.  John  Parker,  CIO  at 
A.G.  Edwards,  offers  a  career 
blueprint  for  IT  professionals 
eyeing  the  top  spot. 

38  Career  Watch.  Ameritrade’s 
Jerry  Bartlett  answers  readers’ 
questions  about  quality  assur¬ 
ance  vs.  development  work; 
and  we  examine  the  state  of  the 
IT  job  market  as  reflected  in 
various  reports  and  surveys. 


8  On  the  Mark:  Mark  Hall  won¬ 
ders  what  to  do  about  the  vol¬ 
ume  of  data  that  will  come 
with  radio  frequency  identifi¬ 
cation  technology. 

18  Don  Tennant  says  the  claim 
by  three  congressmen  that 
IBM’s  plan  to  sell  its  PC  busi¬ 
ness  to  a  Chinese  company 
could  threaten  U.S.  national 
security  is  as  embarrassing  as 
it  is  ill-informed. 

18  Michael  H.  Hugos  had  his 

eyes  opened  to  the  reality 
that  America  no  longer  has  a 
monopoly  on  IT.  It’s  a  whole 
new  world  now. 

19  Dan  Gillmor  finds  Apple’s 
obsession  with  secrecy 
misguided. 

31  Jian  Zhen  identifies  five 
common  causes  of  project 
failure  and  suggests  ways 
to  head  them  off  before  a 
project  begins. 

39  Paul  Glen  has  a  simple  philos¬ 
ophy  of  boss-subordinate 
relationships:  Each  owes  the 
other  three  things. 

44  Frankly  Speaking:  Frank 
Hayes  takes  stock  of  the 
re-emergence  of  Ray  Noorda. 
Could  this  be  the  end  of  SCO’s 
anti-Linux  litigation? 
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Sorting  Out  Web 
Services  Standards 

SECURITY:  DataPower’s  chief  security  archi¬ 
tect  provides  a  road  map  for  navigating  the 
labyrinth  of  specs  and  proposals  that  make 
up  Web  services  security.  O  QuickLink  51462 

Deploying  Grid  Storage 

STORAGE:  An  e-marketing  firm’s  new  self- 
protecting  network-attached  storage  system 
handles  backup,  disaster  recovery  and 
archiving.  ©  QuickLink  52286 


Eliminate  Integration 
Headaches  With  S0A 

DEVELOPMENT:  Legacy  systems  and  business 
complexity  can  wreck  integration  projects, 
but  AgilePath’s  Eric  Marks  says  service- 
oriented  architectures  can  help  solve  this 
problem.  ©  QuickLink  52373 

Can  Marketing  Build  Trust? 

E-BUSINESS:  Consumers  respond  well  to 
online  merchants  who  successfully  balance 
privacy  and  personalization,  according  to  a 
Ponemon  Institute  survey.  ©  QuickLink  51945 


Apple  Touts  Tech  Upgrades 

MACINTOSH:  Apple  Computer  has  upgraded 
its  PowerBook  line,  adding  faster  G4  proces¬ 
sors  and  two  new  technologies:  a  “scrolling” 
TrackPad  and  a  feature  called  the  Sudden 
Motion  Sensor,  which  is  designed  to 
prevent  damage  if  the  laptop  is  dropped. 

©  Quicklink  52293 


What’s  a  QuickLink? 


O  Throughout  each  issue  of 
Computerwoild.  you’ll 
see  five-digit  Quicklink  codes 
pointing  to  related  content  on 
our  Web  site.  Also,  at  the  end  of 
each  story,  a  Quicklink  to  that 
story  online  facilitates  sharing  it 
with  colleagues.  Just  enter  any 
of  those  codes  into  the  Quick- 
Link  box,  which  is  at  the  top  of 
every  page  on  our  site 
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Borland  to  Unveil 
Role-based  Tools 

Borland  Software  Corp.  this  week 
will  announce  an  integrated  set  of 
role-based  application  life-cycle 
management  tools  called  the  Core 
Software  Delivery  Platform,  or 
SDP.  Code-named  Project 
Themis,  SDP  includes  customized 
tools  for  IT  analysts,  architects, 
developers  and  testers.  The  tool 
set  includes  technology  from  sev¬ 
eral  Borland  products. 


Microsoft  Hires 
CRM  Executive 

Microsoft  Corp.  has  hired  a  for¬ 
mer  PeopleSoft  Inc.  executive  to 
oversee  its  CRM  software.  Brad 
Wilson,  PeopleSoft’s  former 
worldwide  vice  president  of  CRM 
marketing,  this  week  takes  over 
as  general  manager  of  Microsoft’s 
Business  Solutions  operation. 
Microsoft’s  current  CRM  head, 
David  Thacher,  will  still  manage 
CRM  development,  while  Wilson 
oversees  strategy. 


Sun  to  Outsource 
Internal  IT  to  CSC 

Sun  Microsystems  Inc.  will  out¬ 
source  much  of  its  internal  IT 
operations  to  Computer  Sciences 
Corp.  under  a  five-year,  $360 
million  contract.  Sun  said  it  will 
save  $100  million  over  the  term 
of  the  pact.  Under  the  agreement, 
CSC  assumes  responsibility  for 
provisioning  all  of  Sun  application 
development  and  support  services 
and  will  manage  Sun’s  internal 
business  applications. 


IBM  Offers  New 
IT  Financing  Plan 

IBM  is  rolling  out  a  new  set  of  fi¬ 
nancing  options  aimed  at  increas¬ 
ing  sales  to  small  and  midsize 
business  customers  by  simplifying 
the  financing  process.  Dubbed 
IBM  Financing  Advantage,  the  ini¬ 
tiative  extends  several  existing 
programs.  IBM  said  that  IT  deals 
worth  up  to  $300,000  can  now 
be  approved  within  an  hour. 


Linux  Kernel  to  Adopt 
Server  Virtualization 


Support  for  Xen  software  will  be  added 
to  kernel;  timetable  remains  uncertain 


BY  CAROL  SLIWA 

BURLINGAME.  CALIF. 

Support  for  open- 

source  software  that 
provides  server  virtu¬ 
alization  capabilities  is 
due  to  be  added  to  a  future 
version  of  the  Linux  kernel, 
sources  familiar  with  the  tech¬ 
nology  said  last  week. 

But  although  Andrew  Mor¬ 
ton,  the  maintainer  of  the  Lin¬ 
ux  2.6  kernel,  confirmed  at  the 
OSDL  Enterprise  Linux  Sum¬ 
mit  here  that  support  for  the 
Xen  open-source  virtualiza¬ 
tion  software  is  “going  to  hap¬ 
pen,”  he  wasn’t  clear  about  the 
time  frame.  Morton  said  it 
won’t  be  included  in  the  2.6.11 
version  that’s  due  late  this 
month.  But,  he  added,  Xen 
support  might  be  built  into 
one  of  the  two  subsequent  re¬ 
leases  of  the  kernel  that  are 
expected  later  in  the  year. 

Much  will  depend  on  the 
stability  of  the  code  that  is 
submitted  to  Morton,  said  a 
spokesman  for  Beaverton, 
Ore.-based  Open  Source  De¬ 
velopment  Labs  Inc.,  which 
hosted  the  summit. 

Major  contributors  to  Xen 
include  Hewlett-Packard  Co. 
and  Intel  Corp.,  said  Ian  Pratt, 
founder  of  the  Xen  project  and 
a  senior  lecturer  at  the  Uni¬ 
versity  of  Cambridge  Comput¬ 
er  Laboratory  in  England, 
where  the  3-year-old  open- 
source  project  is  based. 

IBM  employees  who  work 
at  the  company’s  Linux  Tech¬ 
nology  Center  have  also  con¬ 
tributed  to  the  Xen  project,  an 
IBM  spokesman  said. 

Like  the  leading  commercial 
offering  from  EMC  Corp.’s 
VMware  Inc.  division,  Xen  can 
execute  multiple  virtual  ma¬ 
chines,  each  running  its  own 
operating  system,  on  a  single 
server  —  although  the  two 
products  work  differently 
from  a  technical  standpoint. 


To  use  Xen  today,  compa¬ 
nies  must  download  either  a 
software  patch  or  a  prebuilt 
operating  system  kernel  that 
includes  the  patch  from  the 
Xen  project’s  Web  site.  Thus 
far,  Xen  has  attracted  interest 
from  some  hosting  companies 
and  “the  sophisticated  IT  de¬ 
partment  which  already  is 
heavily  into  Linux,”  Pratt  said. 

Dan  Kusnetzky,  an  analyst  at 
IDC,  views  the  need  for  users 
to  install  a  kernel  patch  as  a 
major  inhibitor  to  Xen’s  adop¬ 
tion.  Most  corporate  users  get 
Linux  from  distributors  such 
as  Red  Hat  Inc.  and  Novell 
Inc.,  and  if  they  patch  the 
kernel,  their  systems  will  no 
longer  be  supported  unless 
the  vendors  agree  to  accept 
the  patch,  he  said. 

Both  Red  Hat  and  Novell 
said  last  month  that  they  plan 
to  include  server  virtualiza¬ 
tion  technology  in  their  ver¬ 
sions  of  the  operating  system 


and  that  Xen  is  a  contender 
[QuickLink  51794]. 

Mike  Prince,  CIO  at  Bur¬ 
lington  Coat  Factory  Ware¬ 
house  Corp.  in  Burlington, 

N.J.,  said  he’s  less  worried 
about  Linux  distributors  than 
he  is  about  application  ven¬ 
dors,  which  can  be  “finicky 
about  what  they’ll  support.” 

A  Linux  user  since  1999, 
Burlington  Coat  plans  to  test 
Xen  as  part  of  an  effort  to  con¬ 
solidate  underutilized  devel¬ 
opment  and  test  systems  and 
possibly  some  application 
servers  as  well,  Prince  said. 
The  only  reason  the  retailer 
hasn’t  already  experimented 
with  Xen  is  that  it  didn’t  know 
about  the  project  until  the  past 
month,  he  added. 

Joe  Poole,  manager  of  tech¬ 
nical  support  at  Linux  user 
Boscov’s  Department  Stores 
LLC,  said  the  Reading,  Pa.- 
based  retail  chain  is  looking  to 
consolidate  its  “lesser  servers” 
this  year.  Boscov’s  is  commit¬ 
ted  to  open-source  software 
and  plans  to  experiment  with 
Xen,  Poole  said.  But  it  will 


PRODUCT  ROAD  MAP 

Xen  2.1 

(DUE  THIS  QUARTER) 

■  Restructured  boot  code 
will  make  the  Xen  software 
“thinner.” 

Users  will  be  able  to  bal¬ 
ance  loads  by  moving  virtu¬ 
al  machines  between  CPUs. 

Xen  3.0 

(DUE  IN  Q2) 

Support  will  be  added  for 
guest  operating  systems  on 
symmetrical  multiprocessors. 

The  software  will  run  on 
x86  systems  based  on 
AMD’s  Opteron  chip  or 
Intel’s  EMT64  technology. 


face  a  problem,  at  least  for  the 
time  being.  All  but  one  of 
those  “lesser  servers”  run 
Windows,  and  Xen  doesn’t 
currently  support  the  Micro¬ 
soft  Corp.  operating  system. 

Xen  is  eventually  expected 
to  support  Windows  through 
virtualization  extensions  built 
into  Intel’s  processors.  Intel 
plans  to  add  virtualization 
support  to  its  Itanium  and 
Pentium  chips  later  this  year 
and  to  its  Xeon  processor  next 
year,  a  company  spokesman 
said.  ©  52398 
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Red  Hat  Users  Aren’t  Racing  to  Use  2.6  Kernel,  CEO  Says 


Red  Hat  Inc.  CEO  Matthew 
Szulik  spoke  with  Computer- 
world  last  month.  Excerpts  from 
the  interview  follow: 


Did  Novell’s  acquisi¬ 
tion  of  SUSE  Linux 
early  last  year  cause 
you  to  make  any 
changes?  It  did  not  alter 
our  approach.  Certainly, 
they’re  a  well-capitalized 
competitor  as  a  result  of  I 
the  Microsoft  settlement 
[QuickLink  50747].  But  I 
we  continue  to  focus  on  the 
most  important  thing  about  our 
company  -  customers. 

When  is  Red  Hat  Enterprise 
Linux  4  due,  and  what  are 
the  most  critical  improve- 


Q&A 


ments  for  corporate  users? 

Mid-February.  I  don’t  think  there 
are  going  to  be  enterprise  ci 
tomers  lined  up  because  they 
want  the  latest  widget  in  RHEL 
4.  It  will  be  reaffirming  in 
the  areas  of  better  securi¬ 
ty;  better  policy  manage' 
ment  to  make  sure  that  a 
systems  administrator 
has  less  complexity  to 
deal  with  in  a  very  large, 
distributed  environment 
to  distribute  security  poli¬ 
cies;  better  manageabili¬ 
ty.  of  course;  the  ability  of  an  in¬ 
tegrated  kernel  that  will  provide 
better  support  for  ISVs  and  bet¬ 
ter  throughput;  [and]  areas 
around  multithreading. 


Do  you  have  any  concerns 


that  Novell  supported  the  2.6 
kernel  first?  They  did  -  but  you 
know,  our  customers  are  not  in 
that  race  to  be  first.  When  you 
walk  into  a  Morgan  Stanley  and 
an  A0L  they  want  stability.  They 
want  manageability.  They  don’t 
want  to  have  any  issues  about 
breaking  binary  compatibility. 

Who  do  you  now  view  as  your 
greatest  competition?  The 

same  ones  there  have  always 
been  -  the  evil-headed  twin.  It’s 
Sun  and  Microsoft. 

-  Carol  Sliwa 


An  extended  version  of  this  interview 
can  be  found  on  our  Web  site: 

O  QuickLink  52288 
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Push  for  Web-based  Health  Records  Launched 


Duke  University  spearheads  a  series 
of  pilot  tests  in  the  U.S.  and  Canada 


BY  HEATHER  HAVENSTEIN 

A  nonprofit  foundation  that’s 
aiming  to  bolster  consumer 
adoption  rates  of  electronic 
health  records  is  launching 
pilot  tests  of  the  technology 
in  Canada  and  the  U.S. 

The  Health  Record  Network 
Foundation  (HRN),  a  joint 
venture  of  Durham,  N.C.- 
based  Duke  University’s  med¬ 
ical  and  business  schools,  this 
month  disclosed  plans  to 
launch  a  pilot  program  with  a 
Toronto-based  health  system 
to  create  a  portal  where  pa¬ 
tient  health  information 
would  be  accessible  over 
the  Internet. 

Under  the  program,  patient 
records  will  be  stored  on  HRN 
servers.  Patient  approval 
would  be  required  to  store 
the  records  on  the  server  and 
make  them  accessible  to  oth¬ 
ers.  “Unless  consumers  are 
actively  engaged,  even  if  you 
build  a  network,  it  doesn’t 
mean  it  will  be  used,”  said 
Brian  Baum,  HRN’s  CEO. 

The  venture  is  still  evaluat¬ 
ing  content  management  and 
database  technology  to  use  in 
the  system. 

HRN  is  also  finalizing  plans 
for  a  statewide  pilot  program 
in  Wyoming  and  is  in  discus¬ 
sions  with  other  states. 

Most  efforts  to  extend  the 
reach  of  electronic  health 
records  today  focus  on  creat¬ 
ing  standards  that  link  IT  sys¬ 
tems  in  physicians’  offices, 
hospitals  and  insurance  com¬ 
panies.  For  example,  the  U.S. 
Department  of  Health  and  Hu¬ 
man  Services  and  other  orga¬ 
nizations  are  hammering  out 
standards  for  such  a  system. 

‘Health  Care  Internet’ 

In  contrast,  Baum  said,  HRN 
plans  to  build  on  the  pilot 
projects  to  form  a  “health  care 
Internet”  where  authorized 
physicians  and  other  users  can 
access  the  health  care  history 
of  all  patients  in  the  system. 

Information  that  would  be 
stored  in  the  system  could  in¬ 


clude  a  child’s  inoculation 
records,  the  health  care  histo¬ 
ry  of  an  aging  parent,  pre¬ 
scription  data  and  lab  results, 
Baum  said. 

In  Canada,  HRN  has  teamed 
up  with  Sunnybrook  and 
Women’s  College  Health  Sci¬ 
ences  Centre  to  test  the  HRN 
model  with  about  100  patients. 

The  pilot  program  will  add 
select  elements  of  internal 
computerized  patient  records 
to  the  HRN  portal  that  may 
need  to  be  accessed  by  other 


health  care  providers,  said 
Sam  Marafioti,  vice  president 
and  CIO  at  the  Toronto-based 
teaching  hospital. 

In  Wyoming,  a  health  sub¬ 
committee  in  the  state  legisla¬ 
ture  has  approved  a  pilot 
test  with  HRN,  and  the  state 
is  now  waiting  for  about 
$1.75  million  needed  to  fund 
the  effort,  said  Anne  Ladd, 
executive  director  of  the 
Wyoming  Healthcare  Com¬ 
mission.  Ladd  said  the  pro¬ 
gram  should  be  less  expensive 
than  other  systems. 

However,  Ladd  noted  that 
some  physicians  and  health 
plans  in  the  state  have  ex¬ 


pressed  concerns  about  the 
accuracy  and  completeness  of 
the  data  that  would  be  stored 
in  the  portal. 

In  addition,  the  plan  doesn’t 
overcome  the  privacy  con- 

Unless  con¬ 
sumers  are 
actively  engaged, 
even  if  you  build  a 
network,  it  doesn’t 
mean  it  will  be  used. 

BRIAN  BAUM.  CEO.  HEALTH  RECORD 
NETWORK  FOUNDATION 


cerns  that  have  long  dogged 
efforts  to  build  electronic 
medical  records  programs. 

Sue  Blevins,  president  of  the 
Institute  for  Health  Freedom, 
a  Washington-based  health  re¬ 
search  center,  said  that  if  con¬ 
sumers  were  demanding  elec¬ 
tronic  health  records,  then 
everyone  would  already  be 
equipped  with  a  memory  stick 
with  their  data  stored  on  it. 

“People  intuitively  under¬ 
stand  health  care  is  not  like 
your  banking  information  — 
the  IRS  and  my  boss  know 
how  much  money  I  make,” 
she  said.  “When  you  combine 
making  it  easier  to  get  data 
with  the  current  weak  law, 
that  is  a  recipe  for  invasion 
of  privacy.”  ©  52397 


Agent-based  App  Lets  Housing  Agency  Adapt  on  the  Fly 


Improves  ability  to 
respond  to  tenants’ 
changing  needs 

BY  HEATHER  HAVENSTEIN 

Halfway  through  its  Plan  for 
Transformation,  a  $1.6  billion 
effort  to  refurbish  or  rebuild 
25,000  public  housing  units, 
the  Chicago  Housing  Authori¬ 
ty  (CHA)  is  dealing  with  an 
unexpected  wrinkle  in  its 
plans  to  relocate  residents 
during  the  project. 

CHA  officials  had  planned 
to  relocate  residents  to  tempo¬ 
rary  housing  once  —  on  its 
own  a  massive  logistical  un¬ 
dertaking  —  but  they  have 
found  that  many  residents 
need  to  move  multiple  times 
for  unexpected  reasons  before 
work  on  their  permanent 
homes  is  done. 

To  tackle  this  jolt  and  other 
fluctuating  requirements,  such 
as  special  needs  for  seniors 
and  availability  of  housing 
units,  the  CHA  has  relied  on 
its  Tenant  Relocation  Services 
Application,  a  software  system 
that  uses  agent  technology 
from  Agentis  Software  Inc.  in 
Walnut  Creek,  Calif.,  to  make 
real-time  adjustments. 

Agency  officials  said  earlier 
this  month  that  the  applica¬ 
tion’s  return  on  investment  has 
been  far  greater  than  expected. 

Agent  technology  —  distrib- 
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WHEN  TENANTS  move  to  a  new 
residence,  the  CHA’s  Agentis 
software  can  handle  the  change 
without  expensive  recoding. 


uted  software  components  that 
can  realign  processes  to  meet 
goals  without  human  interven¬ 
tion  —  is  a  practical  applica¬ 
tion  born  from  research  into 
artificial  intelligence. 

When  business  require¬ 
ments  change  for  the  CHA 
during  the  project,  the  appli¬ 
cation  can  be  modified  incre¬ 
mentally  to  manage  exception 
handling  without  expensive 
and  time-consuming  recoding 
efforts,  said  Barbara  Banks, 
the  agency’s  CIO.  Banks  said 
the  agency  was  able  to  slash 
by  50%  the  budgeted  cost  of 
building  and  making  changes 
to  the  application. 

“This  [project  requires]  a 
process  that  has  never  been 
done  before,  and  it  is  con¬ 
stantly  changing,”  Banks  said. 
“We  may  not  necessarily  un¬ 


derstand  all  the  requirements 
on  the  front  end.  There  are 
not  applications  on  shelves  we 
can  grab  and  use.  We  needed 
something  that  was  flexible.” 

As  part  of  the  project,  resi¬ 
dents  can  move  to  a  temporary 
public-housing  unit  or  receive 
a  voucher  to  live  in  private 
housing.  If  tenants  are  forced 
to  move  from  the  housing  ear¬ 
ly,  the  authority  is  responsible 
for  finding  new  housing. 

The  latest  version  of  the  sys¬ 
tem,  completed  by  agency  de¬ 
velopers  in  October,  has  eight 
modules  of  business  processes 
to  track  and  adjust  to  various 
relocation  issues,  such  as  pro¬ 
visioning  appliances  and  pro¬ 
viding  security  deposits  and 
reimbursement  for  moving 
expenses,  said  Banks. 

The  Agentis  AdaptivEnter- 
prise  Solution  Suite  has  tools 
to  break  down  a  problem  into 
a  series  of  goals  and  plans  to 
achieve  those  goals,  said  Matt 
Sweetnam,  principal  consul¬ 
tant  at  Agentis. 

Thus,  the  software  can 
adapt  to  provision  appliances 
for  tenants  only  under  specific 
circumstances.  For  example, 
once  a  moving  client’s  appli¬ 
ances  reach  a  set  age,  the  sys¬ 
tem  can  place  an  order  with  a 
vendor  and  schedule  an  instal¬ 
lation.  And  the  system  can 
change  those  rules  for  specific 
appliances,  such  as  setting  a 


three-year  limit  on  a  stove  and 
five  years  on  a  dishwasher. 

The  suite  used  by  the  CHA 
includes  developer  tools  to 
build  agents  by  defining  the 
conditions  under  which  the 
plan  can  execute. 

“The  real  power  of  agents  is 
they  can  actually  learn.  And  as 
they  learn,  they  can  self-modi- 
fy  the  rules,”  said  Navi  Radjou, 
an  analyst  at  Forrester  Re¬ 
search  Inc.  “It  goes  well  be¬ 
yond  the  rigid  rules-based  sys¬ 
tems,  which  offer  you  a  limit¬ 
ed  set  of  alternatives.” 

Agentis  and  other  vendors, 
such  as  VI  Agents  LLC  and 
Whitestein  Technologies  AG, 
are  maneuvering  to  capture 
the  growing  demand  from 
high-level  executives  for 
more-adaptive  enterprises, 
which  can  respond  to  changes 
in  product  development,  sup¬ 
ply  chain  problems  or  logisti¬ 
cal  challenges,  Radjou  said. 

O  52246 

This  [project 
requires]  a 
process  that  has 
never  been  done 
before,  and  it  is  con¬ 
stantly  changing. 

BARBARA  BANKS.  CIO.  CHICAGO 
HOUSING  AUTHORITY 


How  did  80%  of  information 
become  100%  useless? 

What  if  information  could  find  its  way  in  and  out  of 
databases,  all  on  its  very  own?  With  the  Adobe 
Intelligent  Document  Platform,  it's  possible.  When  you 

combine  the  logic  of  XML  and  Adobe  PDF,  suddenly 
documents  are  smarter.  Unstructured  content  unifies  with 

structured  data.  And  information  intuitively  travels  where 
it's  needed,  safely  and  securely.  It's  simplicity  at  work. 
The  Intelligent  Document  Platform.  Better  by  Adobe. 


See  how  smarter  documents  are  working  for  other  companies  at  adobe.com/idp. 
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Microsoft  Launches 
Research  Initiative 

Following  the  European  Commis¬ 
sion’s  call  for  increased  technol¬ 
ogy  research,  Microsoft  Corp. 
said  it’s  launching  an  initiative  to 
invest  in  research  centers  in  Eu¬ 
rope.  The  EuroScience  program 
was  unveiled  by  Microsoft  Chair¬ 
man  Bill  Gates  in  Prague.  The  first 
research  center,  at  the  University 
of  Trento  in  Italy,  will  focus  on 
using  computational  tools  for 
biological  research. 


Google  Reports 
Sales,  Profit  Boosts 

Google  Inc.  saw  revenue  and  net 
income  grow  significantly  in  its 
fourth  quarter.  The  search  engine 
vendor  said  its  ad  sales  continued 
to  climb  both  on  its  own  and  on 
partners'  Web  sites. 


GOOGLE  BY  THE  NUMBERS 

REVENUE 

■  PROFIT  M 

Q4’04 

KfiEEl 

S204.1M 

Q4’03 

S512M 

S27.3M 

CA  Names  CFO 

Computer  Associates  Internation¬ 
al  Inc.  raided  Dell  Inc.  to  fill  one  of 
its  last  remaining  management 
vacancies.  The  company  hired 
former  Dell  Chief  Accounting  Offi¬ 
cer  Robert  Davis  as  its  new  chief 
financial  officer.  Davis  fills  a  spot 
left  open  after  CA  fired  former 
CFO  Ira  Zar  in  October  2003  in 
connection  with  its  investigation 
of  an  accounting  scheme  that  re¬ 
sulted  in  improper  recording  of 
$2.2  billion  in  revenue. 


Microsoft  Ships 
New  Search  Engine 

Microsoft's  Internet  Explorer 
search  engine  is  ready  to  take 
center  stage  at  the  MSN.com  Web 
portal.  The  portal  previously  used 
search  technology  from  rival 
Yahoo  Inc.  The  new  MSN  Search 
engine,  in  beta-test  mode  since 
November,  lets  users  search  Web 
sites  as  well  as  content  from 
Microsoft’s  Encarta  encyclopedia 
and  MSN  Music. 
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Databases  Can’t 
Handle  RFID . . . 

. . .  data  deluge  that  will  soon  rain  down  on  IT.  Kathleen 
Mitchell,  CEO  of  CopperEye  Ltd.  in  Bath,  England, 
says  that  radio  frequency  identification  technology 
will  arrive  everywhere  all  too  soon  and  that  IT  will 
be  asked  to  manage  the  data  that  tracks  “a  product 
from  raw  materials  to  its  final  configuration.”  A 

all  of  its  inventory  via 
RFID  tags  for  a  single 


recent  Ford  Motor 
Co.  recall  of  about 
750,000  trucks  under¬ 
scores  the  problem.  A 
small  fraction  of  the 
recalled  trucks  have  a 
faulty  cruise-control 
device.  Had  parts  in¬ 
formation  from  Ford’s 
production  lines  been 
accessible,  the  company  could 
have  recalled  only  the  trucks 
affected.  “I’m  betting  Ford  had 
the  data  in  log  files,  but  it  was 
too  expensive  to  keep  it,  so  it 
was  tossed  out,”  says  Richard 
Cramer,  CopperEye’s  vice 
president  of  marketing  and 
business  development.  He 
and  Mitchell  contend  that  the 
situation  will  only  get  worse 
with  RFID,  which  will  balloon 
the  amount  of  data  that’s  gen¬ 
erated  and  make  indexing  the 
information  in  a  relational 
database  prohibitively  expen¬ 
sive  and  all  but  impossible. 
Mitchell  estimates  that  if 
Wal-Mart  Stores  Inc.  logged 


day,  it  would  reach  7 
million  terabytes  of 
data.  Gulp!  Can  your 
database  swallow 
that?  Didn’t  think  so. 
So,  what  can  you  do 
when  RFID  data  man¬ 
agement  hits  your  in¬ 
box?  Consider  CopperEye’s 
yet-to-be-announced  Project 
Greenwich  software.  Due  in 
Q2,  Greenwich  indexes  the 
flat  files,  or  data  logs,  that 
will  be  fed  RFID  information. 
According  to  Cramer,  the 
technology  can  easily  index 
petabytes  of  data.  “Most  of 
the  data  you’ll  never  need,” 
he  says.  “But  when  you  need 
it,  you  need  it  right  now.”  Just 
ask  Ford. 

Start  providing 
endpoint  security. . . 

. . .  with  a  new  service  from 
Check  Point  Software  Technolo¬ 
gies  Ltd.  in  Redwood  City, 


Calif.  The  Program 
Advisor  service, 
which  is  being 
launched  today  as  a 
component  of  Check 
Point’s  Integrity  6.0 
software  upgrade, 
provides  a  database 
of  trusted  applica¬ 
tions  that  can  be 
queried  in  real  time  when  a 
computer  launches  a  program 
for  the  first  time.  If  the  appli¬ 
cation  is  listed  in  the  data¬ 
base,  you’ll  know  that  it’s  not 
malware.  Rich  Weiss,  director 
of  endpoint  product  market¬ 
ing  at  Check  Point,  doesn’t 
pretend  that  the  current  list 
of  85,000  applications  covers 
the  entire  universe  of  com¬ 
mercial  software.  But  Pro¬ 
gram  Advisor  will  relieve  se¬ 
curity  administrators  of  hav¬ 
ing  to  determine  whether  a 
heretofore  unknown  applica¬ 
tion  on  a  network  is  a  poten¬ 
tial  threat.  In  addition  to  the 
new  service,  Integrity  6.0 
now  runs  in  Linux  and  Win¬ 
dows  clusters,  automatically 
screens  executable  code  for 
malware  and  improves  re¬ 
porting  to  Check  Point’s 
SmartCenter  management 
console.  Pricing  hadn’t  been 
finalized  as  of  our  publication 
deadline.  SmartCenter  itself 
will  be  upgraded  next  month 
with  a  real-time  data-correla- 
tion  engine  that  can  process 
log  data  from  a  variety  of 
security  devices  at  the  rate 
of  20,000  log  events  per  sec¬ 
ond,  Check  Point  said. 

Appliance  controls 
network  access. . . 

...  by  screening  both  the  device 
and  the  user.  Later  this  month. 
Vernier  Networks  Inc.  in 
Mountain  View,  Calif.,  will 
ship  its  Edge  Wall  7000  appli¬ 
ance,  which  screens  each  com¬ 
puter  logging  onto  a  corporate 
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Versions  of 
Internet  Explorer 
in  Check  Point’s 
Program  Advisor 
database. 


Vernier’s  EdgeWall  7000,  a  firewall  for  your  LAN. 


network  for  security 
vulnerabilities,  such  as 
whether  systems  are 
up  to  date  on  software 
patches.  The  device 
also  correlates  user  ac¬ 
cess  rights  with  a  cen¬ 
tralized  Lightweight 
Directory  Access  Pro¬ 
tocol  directory,  says 
Bethany  Meyer,  vice  president 
of  marketing  at  Vernier.  The 
EdgeWall  7000  automatically 
enforces  security  policies  by 
quarantining  vulnerable  de¬ 
vices  until  their  deficiencies 
have  been  remediated.  Each 
appliance  can  handle  up  to 
1,000  end  users  and  costs 
$9,000.  “Consider  it  a  firewall 
for  your  LAN,”  Meyer  says. 

Collaborative 
online  Wiki  world. . . 

. . .  to  get  tools  that  appeal  to  IT. 

A  Wiki  is  an  open-source  col¬ 
laboration  environment  that 
lets  anyone  post  information 
on  a  Web  site.  However,  most 
Wikis  have  primitive  informa¬ 
tion-management  tools.  Palo 
Alto,  Calif.-based  start-up 
JotSpot  Inc.  intends  to  remedy 
the  situation  with  an  epony¬ 
mous  hosted  service  that’s  due 
to  be  launched  by  midyear. 
JotSpot  will  offer  a  WSYWIG 
Wiki  editor,  revision-control 
capabilities,  page-access 
rights  and  other  features. 
JotSpot  adds  the  concept  of  a 
form  to  Wikis  so  their  au¬ 
thors  can  create  pages  that, 
for  example,  include  dates  for 
tracking  information.  “Most 
Wikis  don’t  know  what  a  date 
or  number  is,”  says  JotSpot 
CEO  Joe  Kraus.  “A  Wiki  just 
sees  text  as  a  string.”  Jot- 
Spot’s  technology  also  lets 
users  attach  any  kind  of  file 
to  a  Wiki  page  and  then  in¬ 
dexes  the  text  for  search  pur¬ 
poses,  even  within  word-pro¬ 
cessing  documents  that  are 
attached  to  the 
page.  According 
to  Kraus,  JotSpot 
will  likely  cost 
$3  per  user  per 
month.  ©  52357 


HP  ProLiant  BL30p  server  blades 


. 


When  everything  works  together, 
everything  changes  together. 


HP  BladeSystem  servers  allow  you  to  integrate  your  systems  with 
ease  for  unexpected  growth  and  unforeseen  business  demands. 
Powered  by  Intel  Xeon™  Processors,  these  innovative  servers 
adapt  to  change  in  a  seamless  modular  fashion,  creating  new 
operational  efficiencies  to  dramatically  upgrade  your  enterprise. 
And  that  changes,  well,  everything. 
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Solutions  for  the  adaptive  enterprise. 

m 


To  read  IDC’s  Adapting  to  Change: 


Blade  Systems  Move  into  the  Mainstream,  visit  hp.com/go/bladesmagl9 
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Experts  Warn  That  Some 
CAS  Arrays  Are  at  Risk 

Point  to  security  flaw  in  MD5  hashing 
algorithm  used  for  digital  signatures 


BY  LUCAS  MEARIAN 

ecurity  experts  are 
warning  against  the 
use  of  a  flawed  hashing 
algorithm,  MD5,  for 
digital  signatures  to  store  data 
securely  on  increasingly  popu¬ 
lar  content  addressed  storage 
(CAS)  systems. 

For  instance,  an  official  at 
the  National  Institute  of  Stan¬ 
dards  and  Technology  last 
week  said  IT  managers  have 
good  reason  to  be  concerned 
about  security  flaws  in  M5. 

“It’s  pretty  well  known  right 
now  that  it’s  just  not  up  to 
what  you  need,”  said  Elaine 
Barker,  head  of  NIST’s  com¬ 
puter  security  division. 

Barker  said  NIST  has  no 
plans  to  certify  or  recommend 
the  MD5  algorithm  for  govern¬ 
ment  use. 

The  warnings  come  as  more 
vendors  unveil  CAS  systems 
to  meet  the  need  for  disk- 


another  method  of  indexing, 
called  the  Secure  Hash  Algo¬ 
rithm-1. 

Users  of  EMC  and  Archivas 
systems  say  they  aren’t  con¬ 
cerned  about  the  warnings. 

“I  believe  that  the  possibil¬ 
ity  of  a  [problem]  is  so  unlike¬ 
ly  that  it  does  not  bother  me,” 
said  John  Halamka,  CIO  at 
Boston-based  CareGroup  Inc., 
a  hospital  management  com¬ 
pany.  “Thus  far,  we’ve  been 
working  with  [the]  Centera 
[array]  for  more  than  a  year 
without  a  single  issue.” 

Curt  Tilmes,  a  systems  engi¬ 
neer  at  NASA’s  Goddard  Space 
Flight  Center  in  Greenbelt, 
Md.,  has  been  beta-testing  an 
Archivas  Cluster  CAS  system 
for  archiving  satellite  data 
about  the  earth’s  atmosphere 
for  more  than  a  year. 

He  said  he  feels  it’s  secure 
because  it’s  on  a  private  net¬ 


work  with  firewalls.  “I  sup¬ 
pose  it  wouldn’t  hurt  [to  use  a 
more  secure  algorithm],  but 
for  my  application,  it  wouldn’t 
have  an  effect,”  Tilmes  said. 

Seeking  Alternatives 

Meanwhile,  Sun  Microsystems 
Inc.’s  long-awaited  CAS  sys¬ 
tem,  code-named  Honeycomb, 
won’t  use  the  the  MD5  algo¬ 
rithm  because  of  security  con¬ 
cerns,  said  Chris  Woods,  chief 
technology  officer  for  Sun’s 
storage  practice.  Woods  would 
not  say  which  algorithm  the 
company  will  use  to  index 
stored  objects. 

Just  over  a  week  ago,  Stor¬ 
age  Technology  Corp.  an¬ 
nounced  plans  to  resell  CAS 
technology  from  Permabit  for 
an  e-mail  archival  system. 
StorageTek  shied  away  from 
systems  using  MD5  because 
of  questions  about  whether  it 
is  compliant  with  U.S.  Securi¬ 
ties  and  Exchange  Commis¬ 
sion  regulations,  according 
to  Harvey  Andruss,  product 


As  VoIP  Matures,  Payback 
Remains  an  Issue  for  Users 


based  backup  of  fixed  data 
such  as  e-mail  and  medical 
images.  Experts  say  that  under 
specific  circumstances,  hack¬ 
ers  could  create  files  contain¬ 
ing  malicious  data  that  could 
cause  data  loss  or  the  dissemi¬ 
nation  of  bad  data. 

Of  the  four  major  vendors 
of  CAS  storage,  two  of  them  — 
EMC  Corp.  and  Archivas  Inc. 
in  Waltham,  Mass.  —  use  the 
MD5  algorithm.  The  other 
two,  Permabit  Inc.  in  Cam¬ 
bridge,  Mass.,  and  Avamar 
Technologies  Inc.  in  Irvine, 
Calif.,  do  not.  Archivas  said  it 
provides  the  option  of  using 


Correction 

In  a  story  in  the  Jan.  24  issue, 
("Technology  Can’t  Fill  All  S0A 
CaDs").  Mark  Learning’s  name 
was  misspelled  and  his  title  was 
listed  incorrectly.  Learning  is  vice 
president,  product  development, 
at  Navitaire  Inc.  in  Minneapolis. 


BY  MATT  HAMBLEN 

Voice-over-IP  technology  will 
again  be  the  major  focus  of  this 
week’s  VoiceCon  conference, 
with  an  emphasis  on  finding 
VoIP  applications  that  are 
beneficial  to  business  users. 

Network  managers  who 
were  waiting  to  see  if  VoIP 
was  mature  enough  have  dis¬ 
covered  that  it  is,  said  Fred 
Knight,  general  manager  of 
VoiceCon  2005,  which  is  tak¬ 
ing  place  this  week  in  Orlando. 
“So  the  next  question  is,  What 
can  I  do  with  this  technology 
to  help  businesses  work?” 

Showing  companies  where 
to  look  for  a  return  on  their 
investments  in  IP  telephony 
is  really  at  the  core  of  Voice- 
Con’s  agenda,  Knight  added. 
About  4,000  attendees,  60% 
of  them  users,  are  expected  at 


the  conference,  which  is  spon¬ 
sored  by  MediaLive  Interna¬ 
tional  Inc. 

Craig  Hinkley,  senior  vice 
president  of  network  architec¬ 
ture  at  Bank  of  America  Corp. 
in  Charlotte,  N.C.,  said  VoIP  is 
“pretty  much  a  foregone  con¬ 
clusion”  for  next-generation 
corporate  networks.  “The  dis¬ 
cussion  used  to  be  ‘if  VoIP,’ 
and  it  is  now  ‘when,’  ”  he  said. 

Hinkley  will  deliver  a  key¬ 
note  address  at  VoiceCon  de¬ 
scribing  Bank  of  America’s 
planned  VoIP  implementation, 
which  is  designed  to  put 
180,000  users  on  IP  phones 
from  Cisco  Systems  Inc.  over 
the  next  three  years.  Up  to 
50,000  users  should  come  on¬ 
line  this  year,  Hinkley  said. 

About  35  pilot  projects  in¬ 
volving  1,000  users  are  already 


marketing  manager  for  Stor- 
ageTek’s  Lifecycle  Fixed  Con¬ 
tent  Manager. 

An  SEC  spokesman  would 
not  say  whether  his  agency  is 
currently  investigating  possi¬ 
ble  security  flaws  in  MD5. 

“It  really  is  time  for  [the  in¬ 
dustry]  to  stop  using  MD5,” 
said  Dan  Kaminsky,  a  security 
consultant  at  Avaya  Inc.  in 
Basking  Ridge,  N.J.  “MD5  has 
been  a  deprecated  hashing  al¬ 
gorithm  for  almost  a  decade. 
The  industry  has  clung  to  the 
algorithm,  partially  out  of  in¬ 
ertia,  partially  out  of  scarcity 
of  computer  power.” 

In  a  report  last  month, 
Kaminsky  pointed  out  that  an 
attack  could  be  used  to  create 
two  files  with  the  same  MD5 
hash,  one  with  “safe”  data  and 
one  with  “malicious”  data.  If 
both  files  were  saved  to  the 
same  system,  a  so-called  colli¬ 
sion  could  result,  leading  to 
data  loss  or  the  dissemination 
of  bad  data,  he  said. 

Mike  Kilian,  CTO  at  EMC’s 
Centera  division,  contended 
that  MD5  flaws  don’t  apply  to 
Centera  arrays  because  once  a 
piece  of  content  is  stored,  a 
company  can’t  change  it. 

“Centera  from  almost  Day  1 
has  had  multiple  addressing 


under  way,  he  said.  Much  of 
the  VoIP  work  is  being  coordi¬ 
nated  by  Electronic  Data  Sys¬ 
tems  Corp.,  which  Bank  of 
America  hired  in  late  2002  to 
manage  its  networks  under  a 
10-year,  $4.5  billion  contract. 

In  his  keynote,  Hinkley  will 
offer  advice  aimed  at  helping 
other  IT  managers  navigate 
through  the  minefield  of 
bringing  voice  and  data  teams 
together  to  build  VoIP  sys¬ 
tems.  “The  first  thing  that  hap¬ 
pens  when  you  mention  you’re 
doing  VoIP  is  that  the  room 
splits  and  the  voice  and  data 


HThe  discus¬ 
sion  used  to 
be ‘if  VoIP,’ and  it 
is  now  ‘when.’ 


CRAIG  HINKLEY,  SENIOR  VICE 
PRESIDENT  OF  NETWORK  ARCHI¬ 
TECTURE,  BANK  OF  AMERICA  CORP. 


So,  What 
Is  CAS? 


CAS  SYSTEMS  store  metadata 
and  data  along  with  manage¬ 
ment  policies  to  create  an  ob¬ 
ject  that  is  quickly  retrievable, 
no  matter  where  it’s  stored  on  a 
disk  subsystem.  CAS  uses 
WORM  (write  once,  read  many) 
capabilities  to  ensure  that  once 
data  is  stored,  it  can’t  be  over¬ 
written,  which  satisfies  several 
regulatory  requirements. 


schemes  available  to  applica¬ 
tions,”  Kilian  said. 

Kaminsky  disagreed.  “Cryp¬ 
tography  tends  to  be  a  ‘gar¬ 
bage  algorithm  in,  garbage  se¬ 
curity  out’  discipline,”  he  said. 
“Let’s  say  they  were  append¬ 
ing  custom  metadata  to  the 
end  of  their  files.  Conceivably, 
the  attack  would  not  care,  as 
once  two  files  have  the  same 
hash,  you  can  append  the 
same  [identical]  metadata  to 
both  of  them  and  they’ll  still 
possess  the  same  hash.” 

Archivas  officials  noted  that 
its  CAS  device  does  not  use 
the  MD5  hash  key  to  name  the 
file  in  the  archive,  the  way 
EMC’s  product  does.  ©  52386 


guys  set  up  castles  and  start 
lobbing  grenades,”  he  said. 

Hinkley  has  broken  Bank  of 
America’s  VoIP  project  into 
separate  infrastructure  and 
application  services  compo¬ 
nents.  The  latter  is  “where  a 
lot  of  innovation  and  the  value 
of  VoIP  is  driven  from,”  he 
said.  But  he  declined  to  detail 
the  VoIP  applications  that  are 
being  discussed  at  the  bank  or 
the  cost  of  the  rollout. 

The  security  of  VoIP  sys¬ 
tems  could  be  a  major  topic  of 
discussion  at  VoiceCon  fol¬ 
lowing  last  month’s  release  of 
a  report  by  the  National  Insti¬ 
tute  of  Standards  and  Technol¬ 
ogy  that  warned  users  to  be 
careful  about  deploying  the 
technology  [QuickLink  52209]. 
But  Knight  and  others  said 
that  VoIP  security  was  a  much 
bigger  issue  two  years  ago 
and  that  many  vendors  have 
more-secure  approaches  now. 
©  52389 


#The  best  way  to  stay  ahead  is  to  double 
your  productivity.  Introducing  Scan2 
SC3  11  ^  technology  from  Sharp.  Sharp's  Digital 
Imagers  with  Scan2  technology  are  designed  to  scan  two- 
sided  documents  in  a  single  pass. 

Now  your  training  manuals  and  white  papers  can  be 
scanned,  copied,  emailed  and  digitally  distributed  quicker 
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In  fact,  it's  115%  faster  than  any  other  product  in  its 
class.  Not  only  is  it  like  having  double  the  help,  it  will  also 
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The  AR-M550,  AR-M620  and  ARM7C0: 

■  Operate  at  55, 62  and  70  pages-per-minute 

■  Fully  integrated  network  ready  digital  copier/printers 

•  Include  network  managemen  t  software  and  document  filing  capability 
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Results  of  Buyers  Laboratory  Inc.  Document  Feeding  Speed  tests  (originals  per  minute)  in  22  mode  for  Sharp  AR-M550  vs.  the  following  manufacturers'  competitive  models:  Canon  iR  5000  and  5020,  HP  9055  MFR  Konrca  7155.  Kyocera  Mita  KM  5530,  Ricoh  Afick>  1055  and  55 1  ano 
Toshiba  e-STUDIO  550.  ©2005  Sharp  Corporation 
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Keane  Wins  $14M 
Federal  IT  Deal 

Keane  Inc.  has  been  awarded  a 
new  five-year,  $14  million  ser¬ 
vices  contract  by  Pension  Benefit 
Guaranty  Corp.  The  contract 
extends  Keane’s  10-year  partner¬ 
ship  with  the  federal  agency. 
Under  the  agreement,  the  Boston- 
based  consulting  firm  will  provide 
a  range  of  quality  assurance 
services  to  manage  the  PBGC  In¬ 
tegration  and  Testing  Center  and 
deliver  verification  and  validation. 


AOL  Set  to  Ship 
New  Browser 

America  Online  Inc.  next  week 
plans  to  release  the  first  public 
test  version  of  a  new  Netscape 
browser  that’s  designed  to  protect 
users  from  scams  and  malicious 
code  while  surfing  the  Web.  The 
Firefox-based  browser  targets  Mi¬ 
crosoft  Corp.’s  Internet  Explorer, 
the  subject  of  many  security  vul¬ 
nerabilities,  while  taking  advan¬ 
tage  of  the  popularity  of  Firefox. 


BT  Group  Extends 
Accenture  Pact 

BT  Group  PLC  extended  its  hu¬ 
man  resources  outsourcing  deal 
with  Accenture  Ltd.  by  10  years 
under  a  new  $576  million  con¬ 
tract.  The  deal,  which  will  begin 
in  August,  will  cover  HR  and  re¬ 
lated  IT  functions  for  all  of  BTs 
97,000  employees  and  180,000 
pensioners.  The  previous  five- 
year  contract  covered  only  em¬ 
ployees  in  the  U.K. 


IBM  Buys  Financial 
Outsourcer  Equitant 

IBM  has  agreed  to  acquire  pri¬ 
vately  held  Equitant,  a  Dublin- 
based  financial  IT  outsourcing 
firm.  Financial  terms  of  the  deal, 
which  is  expected  to  close  in  30 
days,  weren't  disclosed.  IBM  said 
the  move  is  aimed  at  strengthen¬ 
ing  its  financial  and  administra¬ 
tive  transformation  services.  All 
200  Equitant  employees  will 
move  over  to  IBM. 


NEWS 

Feds  Look  to  Finalize 


IT  Security  Controls 

NIST  issues  last  draft  of  new  requirements 


BY  JAIKUMAR  VIJAYAN 

he  national  Institute 
of  Standards  and 
Technology  (NIST) 
has  released  the  final 
draft  of  a  set  of  recommended 
security  controls  for  federal 
information  systems. 

The  controls  are  likely  to  be¬ 
come  a  mandatory  and  non- 
waivable  Federal  Information 
Processing  Standard  by  the  end 
of  this  year  for  all  federal  sys¬ 
tems  except  those  related  to 
national  security. 

Some  analysts  predicted 
that  the  mandatory  controls 
will  cause  problems  for  agen¬ 
cies,  especially  smaller  ones. 

“It’s  OK  to  specify  certain 
objectives.  But  it  becomes 
hard  if  things  are  mandated 
down  to  the  specific  controls,” 
said  Michael  Rasmussen,  an 
analyst  at  Forrester  Research 
Inc.  “You  can’t  apply  a  one- 
size-fits-all  set  of  controls.” 

The  third  and  final  version 
of  NIST’s  Special  Publication 


800-53  document  incorporates 
several  recommendations 
from  people  who  commented 
on  previously  published  ver¬ 
sions,  said  Ron  Ross,  project 
leader  of  NIST’s  Federal  Infor¬ 
mation  Security  Management 
Act  (FISMA)  Implementation 
Project. 

Passed  in  2002,  FISMA  is 
the  primary  legislation  cover¬ 
ing  the  security  of  federal  in¬ 
formation  systems. 

Draft  Changes 

According  to  Ross,  major 
changes  in  the  final  draft  in¬ 
clude  a  reduction  in  the  num¬ 
ber  of  security  controls  for 
low-impact  systems,  a  new  set 
of  application-level  controls 
and  greater  discretionary 
powers  for  organizations  to 
downgrade  controls. 

Also  included  in  the  final 
draft  is  language  that  allows 
federal  agencies  to  keep  their 
existing  security  measures  if 
they  can  demonstrate  that  the 


level  of  security  is  equivalent 
to  the  standards  being  pro¬ 
posed  by  NIST. 

Following  a  two-week  pub¬ 
lic  comment  period,  a  final 
version  of  SP  800-53  is  expect¬ 
ed  to  be  approved  by  the  U.S. 
Commerce  Department  by  the 
end  this  month,  Ross  said. 

Around  June,  NIST  will  pub¬ 
lish  a  guide  that  federal  agen¬ 
cies  can  use  to  assess  the  secu¬ 
rity  measures  they  have  put  in 


Security  Mandate 


FISMA  requires  agencies  to: 

■  Group  their  information  sys¬ 
tems  into  low-,  medium-  and 
high-risk  categories. 

■  Select  and  implement  an 
initial  set  of  baseline  security 
controls  for  each  category. 

■  Adjust  the  initial  controls 
based  on  an  assessment  of 
local  risks  and  conditions. 


■  Monitor  the  controls  on  a 
continual  basis  in  order  to 

gauge  their  effectiveness. 


Hosted  Apps  Seek  to  Drive 
Auto  Industry  Collaboration 


BY  JAIKUMAR  VIJAYAN 

Auto  Web  Communications 
Inc.  this  week  plans  to  an¬ 
nounce  a  hosted  service  that’s 
designed  to  let  companies  in 
the  auto  industry  more  effi¬ 
ciently  share  product,  project 
management  and  3-D  engi¬ 
neering  data  via  the  Internet. 

The  real-time  collaboration 
service  is  based  on  product 
life-cycle  management  (PLM) 
software  from  Plano,  Texas- 
based  UGS  Corp.  and  is  being 
positioned  as  a  lower-cost  and 
less-complex  alternative  to 
implementing  similar  capabili¬ 
ties  in-house. 

The  UGS  software  will  al¬ 
low  companies  to  collaborate 
with  one  another  using  then- 


own  project  management  and 
computer-aided  design  and 
engineering  tools,  said  Nino 
DiCosmo,  CEO  of  Rochester 
Hills,  Mich.-based  Auto  Web. 

The  new  service  addresses 
“a  definite  need,”  especially 
for  small  and  midsize  compa¬ 
nies,  said  Doug  Halliday,  di¬ 
rector  of  engineering  systems 
and  data  management  at  Gen¬ 
eral  Motors  Corp. 

“The  ability  to  share  prod¬ 
uct  design  information,  fast 
and  effectively,  all  over  the 
planet  as  required  is  becoming 
key,”  Halliday  said,  noting  that 
automakers  such  as  GM  and 
their  major  suppliers  are  mov¬ 
ing  to  global  development  and 
product  sourcing  models. 


GM  is  tying  together  its 
global  development  centers, 
joint-venture  partners  and 
large  suppliers  into  a  collabo¬ 
rative  environment,  Halliday 
said.  The  Teamcenter  technol¬ 
ogy  developed  by  UGS  is  play¬ 
ing  a  key  role  in  that  initiative. 

Services  such  as  those  being 
offered  by  Auto  Web  will  help 
suppliers  integrate  systems 
more  tightly  with  their  own 
business  partners,  and  with 
those  of  the  manufacturing 
companies  they  supply  to, 
Halliday  said. 

Reaching  Out 

AZ  Automotive  Corp.  in  Cen¬ 
ter  Line,  Mich.,  is  one  example 
of  a  company  making  such  a 
change.  AZ  plans  to  sign  up 
for  Auto  Web’s  service  in  a  bid 
to  enable  real-time  product 
collaboration,  initially  among 
its  nine  North  American 
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place,  Ross  added.  “It  will  allow 
them  to  see  if  the  controls  they 
have  implemented  are  produc¬ 
ing  the  desired  results,”  he  said. 

Adopting  standards  such  as 
those  proposed  by  NIST  is 
crucial  to  the  security  of  fed¬ 
eral  systems  and  to  overall  In¬ 
ternet  security,  said  Larry 
Clinton,  chief  operating  offi¬ 
cer  at  the  Internet  Security  Al¬ 
liance  (ISA)  in  Arlington,  Va. 
But  mandating  compliance, 
even  in  the  public  sector,  is  a 
bad  idea,  he  said. 

ISA  is  a  collaboration  be¬ 
tween  the  CERT  Coordination 
Center  at  Carnegie  Mellon 
University  and  the  Electronic 
Industries  Alliance,  a  federa¬ 
tion  of  trade  associations. 

“The  problem  we’re  trying 
to  solve  changes  far  too  quick¬ 
ly,”  Clinton  said.  “A  traditional 
regulatory  process  just  can’t 
keep  pace.” 

Except  when  dealing  with 
classified  information,  there’s 
little  reason  to  apply  mandato¬ 
ry  controls  to  federal  systems, 
added  Will  Ozier,  president  of 
OPA  Inc.,  a  Vacaville,  Calif.- 
based  risk  management  con¬ 
sultancy.  Controls  should  be 
applied  based  on  “a  quantita¬ 
tive  risk  assessment  that  antic¬ 
ipates  the  prospective  loss” 
resulting  from  a  cyberattack, 
Ozier  said.  ©  52395 


plants  and  eventually  with  its 
100  or  so  suppliers  worldwide, 
said  Mark  Henkelmann,  the 
company’s  IT  director. 

“Being  in  a  cost-reduction 
mode,  we  don’t  have  a  whole 
lot  of  capital  to  spend  on  soft¬ 
ware,”  he  said.  “Auto Web  gives 
us  the  ability  to  outsource  the 
collaboration  piece.” 

A  key  feature  of  Teamcenter 
is  its  support  for  the  3D  JT  data 
format,  which  supports  data 
sharing  among  different  sys¬ 
tems,  said  Chuck  Grindstaff, 
executive  vice  president  of 
product  development  at  UGS. 

Auto  Web  is  trying  to  tap  into 
a  growing  interest  in  hosted 
PLM  services,  said  Ken  Amann, 
an  analyst  at  CIMdata  Inc.  in 
Ann  Arbor,  Mich.  The  trend  is 
prompting  other  business-to- 
business  hubs,  such  as  Exostar 
and  Eurostep,  to  roll  out  similar 
offerings,  he  added.  ©  52396 


Middleware  is  Everywhere 


IBM  EXPRESS  MIDDLEWARE™  IS  SOFTWARE 

Software  like  WebSphere®  Express  that’s  designed 
to  help  mid-sized  businesses  connect  their  processes 
to  meet  business  goals.  On  demand.  Designed  to  work 
with  the  IT  systems  you  have.  Designed  to  be  installed 
quickly  and  easily,  with  prices  starting  at  $600t  Ask  your 
Business  Partner  about  it  -  or  you  might  miss  the  boat. 


1.  Crates  of  patio  furniture  scanned. 

2.  Quantities  verified  on  secure  database. 

3.  Timetables  confirmed  online. 

4.  Inventory  added  to  order  automatically. 
5.1,200  plastic  chairs  en  route  to  Key  West 


Ask  your  Business  Partner  or  learn  more  about  us  at  ibm.comAniddleware/express  E3  demand-express  portfolio 
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Study:  China  No  Threat 
To  India’s  Outsourcers 

CHINA’S  BOOMING  ECONOMY  and 
low  wages  have  prompted  specu¬ 
lation  that  it  will  soon  be  a  strong 
competitor  to  India  for  IT  outsourcing 
business.  But  a  McKinsey  &  Co.  study 
released  last  month  concluded  that  it 
will  be  many  years  before  China’s  soft¬ 
ware  outsourcing  industry  is  a  threat 
to  India’s  IT  services  juggernaut. 

For  starters,  China’s  software  ser¬ 
vices  companies  must  consolidate 
their  highly  fragmented  industry  so 
they  can  gain  the  size  and  expertise 
needed  to  capture  large  international 
projects,  consultants  at  New  York- 
based  McKinsey  said. 

Smaller  companies  are  viewed 
as  riskier  partners  that  are 
vulnerable  to  the  loss  of 
key  personnel  and  “may 
not  have  the  financial 
muscle  to  survive  for  the 
duration  of  a  project,”  the 
authors  said.  Yet,  they 
added,  the  Chinese  com¬ 
panies  interviewed  for 
the  study  showed  little 
interest  in  mergers  and 
acquisitions. 


The  study  also  found  that  only  six 
of  China’s  30  largest  software  develop¬ 
ment  companies  are  certified  at  Levels 
4  or  5  of  the  Software  Engineering  In¬ 
stitute’s  Capability  Maturity  Model.  In 
contrast,  all  of  the  top  30  Indian  soft¬ 
ware  companies  have  achieved  those 
rankings. 


German  Retailer  Reports 
99%  RFID  Read  Rate 

DUSSELDORF,  GERMANY-BASED 
Metro  AG,  the  world’s  third- 
largest  retailer,  reported  Jan.  28 
that  it  has  successfully  implemented 
radio  frequency  identification  technol¬ 
ogy  at  its  largest  and  busiest  distribu¬ 
tion  center  in  Germany. 

Metro  has  processed  more  than 
50,000  shipping  pallets 
equipped  with  RFID  tags 
and  is  achieving  99%  tag 
read  rates,  said  Gerd  Wol¬ 
fram,  the  executive  proj¬ 
ect  manager,  in  a  pre¬ 
pared  statement.  The  dis¬ 
tribution  center  in  Unna, 
Germany,  uses  RFID 
readers  and  tags  from 
Intermec  Technologies 
Corp.  in  Everett,  Wash. 


Germany  and  the  U.K.  are  the  lead¬ 
ing  growth  markets  for  RFID  in  West¬ 
ern  Europe,  where  widespread  adop¬ 
tion  is  expected  in  2006  and  2007  after 
technical  issues  have  been  resolved 
and  pilot  projects  have  been  complet¬ 
ed,  according  to  Juniper  Research  Ltd. 
in  Hampshire,  England.  Juniper  said  it 
expects  RFID  to  be  a  $1  billion  market 
in  Western  Europe  by  2007. 


Tokyo  Court  Orders 
Word  Rival  Off  Market 

TOKYO 

TOKYO  DISTRICT  COURT  judge 
last  week  ordered  a  halt  to  the 
production  and  sale  of  a  popular 
word-processing  program  that  is  the 
only  serious  competitor  in  Japan  to 
Microsoft  Word.  The  court  also  called 
for  existing  stocks  of  the  program, 
called  Ichitaro,  to  be  destroyed  on  the 
grounds  that  its  Help  Mode  function 
infringes  on  a  patent  held  by  Matsushi¬ 
ta  Electric  Industrial  Co. 

Justsystem  Corp.,  the  Tokushima, 
Japan-based  vendor  of  Ichitaro,  said  it 
plans  to  appeal  to  a  higher  court.  The 
company  can  continue  selling  the 
product  until  the  higher  court  rules. 
Osaka,  Japan-based  Matsushita  said  it 
obtained  a  patent  on  the  help  function 
in  1998.  0  52347 
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Compiled  by  Mitch  Betts. 


GLOBAL  FACT 


Profit  increase  reported 
by  Indian  IT  outsourcing 
firm  Wipro  Ltd.  in  the 
quarter  that  ended  Dec. 
31,  compared  with  the 
same  period  a  year  earlier. 


Briefly  Noted 

Christophe  Aulnette,  chairman  and 
CEO  of  Microsoft  Corp.’s  French 
subsidiary,  has  resigned  to  become 
CEO  of  Altran  Technologies  SA,  the 
IT  services  and  consulting  firm 
said  last  week.  Paris-based  Altran, 
which  has  16,000  workers  in  17 
countries,  posted  losses  in  2002 
and  2003;  it  has  yet  to  report  last 
year’s  results.  Aulnette  had  been 
chief  of  Microsoft  France,  which 
has  920  employees,  since  2001. 

■  PETER  SAYER.  IDG  NEWS  SERVICE 


SAP  AG  last  week  introduced  an 
update  of  its  Global  Trade  Services 
software  package  that’s  intended  to 
help  companies  conducting  import/ 
export  business  comply  with  the 
rules  of  North  American  and  Euro¬ 
pean  trade  agreements. 


infonet  Services  Corp.,  a  global 
communications  carrier  based  in 
El  Segundo,  Calif.,  last  week  an¬ 
nounced  the  opening  of  a  Hong 
Kong  subsidiary  that  will  provide 
managed  network  services  and 
support  to  multinational  companies 
doing  business  there. 


IT  Role  in  Sarb-Ox  Problems  Is  Unclear 

Users  find  multiple  compliance  hurdles 


BY  THOMAS  HOFFMAN 

Audit  and  compliance  experts 
last  week  offered  mixed  views 
as  to  how  frequently  IT-relat- 
ed  deficiencies  are  a  signifi¬ 
cant  issue  for  those  companies 
having  problems  meeting  the 
requirements  of  the  Sarbanes- 
Oxley  Act  of  2002. 

Under  Section  404  of  Sar- 
banes-Oxley,  publicly  held 
companies  are  required  to 
attest  to  their  internal  finan¬ 
cial  controls.  Expert  estimates 
range  from  a  low  of  5%  to 
between  20%  and  25%  of  the 
4,000  companies  filing  reports 
this  year  will  reveal  “material 
weaknesses”  in  their  financial 
controls. 

Moreover,  some  experts 
predict  that  more  than  200 
publicly  held  companies  will 


disclose  material  weaknesses 
this  year  because  of  IT-related 
control  deficiencies,  such  as 
security  gaps  and  segregation 
among  applications. 

Todd  Naughton,  vice  presi¬ 
dent  and  controller  at  Zebra 
Technologies  Corp.,  said  the 
toughest  part  of  his  company’s 
internal  controls  assessment 
was  in  its  IT  operations. 

That’s  largely  because  of  the 
amount  of  testing  needed. 

The  Vernon  Hill,  Ill.-based 
supplier  of  printer  compo¬ 
nents  doesn’t  expect  to  report 
any  material  weaknesses  with 
its  financial  controls  when  it 
completes  its  assessment  this 
week,  Naughton  said. 

Meanwhile,  officials  at  Sun¬ 
Trust  Banks  Inc.,  Eastman  Ko¬ 
dak  Co.,  Financial  Institutions 


Inc.  and  Ceridian  Corp.  each 
said  the  material  weaknesses 
they  have  disclosed  in  financial 
controls  weren’t  related  to  IT. 

Many  clients  of  Meta  Group 
Inc.  “were  keeping  their  fin¬ 
gers  crossed  that  the  auditors 
weren’t  going  to  dig  as  deep  in 
Year  1  around  all  of  the  IT  ar¬ 
eas,”  said  John  Van  Decker,  an 
analyst  at  the  research  firm  in 
Stamford,  Conn. 

Van  Decker  expects  that  up 
to  25%  of  accelerated  filers  — 
companies  with  a  market 
capitalization  greater  than 
$75  million  whose  fiscal  year 
ended  after  Nov.  15  —  will  re¬ 
port  material  weaknesses  to 
their  internal  controls.  The 
cause  for  30%  to  40%  of  those 
companies  will  be  IT  or  appli¬ 
cation-control  deficiencies. 

Van  Decker  and  other  ex¬ 
perts  predicted  that  problems 


will  be  more  common  among 
small-to-midsize  businesses  — 
those  with  $75  million  to  $900 
million  in  revenues  —  whose 
IT  staffs  are  stretched  too  thin 
to  effectively  deal  with  com¬ 
pliance  requirements. 

According  to  “Compliance 
Week,”  a  Newton,  Mass.-based 
weekly  newsletter  on  corpo¬ 
rate  governance  and  compli¬ 
ance,  only  3.5%  of  the  582 
companies  that  made  material 
weakness  and  “significant  de¬ 
ficiency”  disclosures  in  2004 


IT  System  Snags 


Of  the  582  “material 
weakness”  and  “significant 
deficiency”  disclosures  made 
in  2004,  just  3.5% 
specifically  mentioned  IT 
controls,  according  to  “Com¬ 
pliance  Week,”  a  weekly 
newsletter  on  corporate 
governance  and  compliance. 


specifically  mentioned  IT 
controls. 

However,  those  figures  may 
be  deceiving  because  the 
largest  number  of  deficiency 
and  weakness  disclosures 
made  in  2004  were  related  to 
financial  systems  and  proce¬ 
dures,  said  “Compliance 
Week”  Editor  and  Publisher 
Scott  Cohen.  “Companies 
don’t  always  disclose  granular 
details  about  such  weakness¬ 
es,  so  it’s  possible  that  many 
did  include  problems  with  IT 
systems  and  controls,”  he  said. 

Marios  Damianides,  a  part¬ 
ner  in  the  technology  and  se¬ 
curity  risk  services  group  at 
Ernst  &  Young  LLP  in  New 
York,  expects  that  just  5%  of 
accelerated  filers  will  report 
material  weaknesses  in  their 
internal  controls.  Within  that 
subset,  just  one  out  of  five 
companies  will  report  IT- 
related  deficiencies,  predicted 
Damianides.  ©  52382 
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SUN  FIRE™  SERVERS  WITH  AMD  OPTERON™  PROCESSORS. 

UP  TO  76%  FASTER1  THAN  THE  COMPETITION  AND  35%  LOWER  COST.2 

Sun  delivers  extreme  performance  at  an  unbeatable  price.  Choose  the  2-way  Sun  Fire™  V20z  server  or  the  4-way  Sun  j  AMD 
Fire  V40z  server,  and  you’ll  get  the  advanced  power  and  flexibility  of  the  AMD  Opteron™  800  or  200  series  processor, 
plus  the  ability  to  run  your  choice  of  operating  systems,  including  Solaris™ OS  and  Red  Hat  Linux,  in  either  32-bit  or 
64-bit  mode.  Add  world-class  Sun  service  and  support,  and  you  have  the  competition-crushing  server  solution  your  { Opteron 
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’The  comparison  presented  above  is  based  on  the  IBM  eServer  xSeries  365  (4x  3.0GHz  Intel  Xeon  MP)  result  of  2616  conforming  connections  and  Sun  Fire  V40z  server  (4x  AMD  Opteron  850)  result  of  4608  conforming  connections  on  SPEC- 
web99_SSL  benchmark,  as  of  1 2/08/04.  SPEC  and  the  benchmark  name  SPECweb99_SSL  are  registered  trademarks  of  the  Standard  Performance  Evaluation  Corporation.  For  the  latest  SPECweb99,  SSL  benchmark  results,  visit  www.spec.org. 
2Source:  DH  Brown  Pricing  Configurator  dated  1 1/3/04.  4x  3.0GHz/8GB  memory  using  1GB  DIMMs/2x  73GB  (10K)  disks/DVD/2  redundant  power  supplies/OS. 
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Arkansas 


the  cost  of  AASIS  at  $60  mil¬ 
lion,  twice  the  estimated  bud¬ 
get  at  the  project’s  start.  It 
contracted  with  SAP  for  the 
system  in  February  2000. 

After  the  initial  installation 
of  SAP’s  budgeting  system 
failed,  the  state  spent  $2  mil¬ 
lion  on  software  from  Protech 
Solutions  Inc.  in  Little  Rock, 
Ark.,  according  to  officials.  A 
source  within  the  government 
said  that  the  state  will  retire 
the  performance-based  com¬ 
ponent  developed  by  Protech 
while  keeping  its  basic  bud¬ 
geting  application. 

SAP  insists  that  AASIS  is  a 
success  overall  and  claims  that 
the  system  has  the  support  of 
the  governor.  “We  delivered  a 
tool  for  budgeting  for  the 
state,  and  they  chose  not  to 
use  it  early  on,”  said  William 
Wohl,  a  spokesman  for  SAP 
America  Inc.  As  for  the  litiga¬ 
tion,  he  added,  “the  position 
the  state  took  is  not  SAP’s.” 

Arkansas  Attorney  General 
Mike  Beebe,  who  is  represent¬ 
ing  the  state  in  its  lawsuit 
against  SAP,  said  the  technolo¬ 
gy  behind  the  performance- 
based  budgeting  software  in 
AASIS  was  originally  designed 
to  provide  individual  agencies 
with  more  budgeting  freedom 
while  ensuring  that  they  hit 
operational  targets. 

“The  business  model  of 
budgeting  traditionally  uses 
line  items,”  said  Beebe.  “This 


Other  Woes 

In  addition,  because  AASIS 
didn’t  comply  with  handicap- 
accessibility  requirements,  a 
court  shut  down  some  non- 
essential  portions  of  the  sys¬ 
tem  last  July,  Beebe  said. 

At  times  in  the  past  several 
years,  he  said,  some  legislators 


Subscription  Interest 

One  user  who  plans  to  evalu¬ 
ate  the  Sun  Grid  model  is  Joe 
Euteneur,  chief  financial  offi¬ 
cer  at  XM  Satellite  Radio 
Holdings  Inc.  in  Washington. 
XM  last  week  said  it  has  made 
Sun  the  sole  Unix  server  and 
storage  supplier  for  its  back- 
office  data  center,  which  sup¬ 
ports  business  operations, 
marketing  and  customer  ser¬ 
vice.  The  company’s  broadcast 
operations  use  a  variety  of 
vendors,  including  Sun. 

“They  clearly  have  my  inter¬ 
est,”  Euteneur  said.  “The  com¬ 
puter  industry  is  trying  to 
move  toward  a  subscription- 


The  SAP-Arkansas  Saga 


SAP  agrees  to  provide 
Arkansas  with  an  ERP  system 
that  includes  HR,  payroll  and 
performance-based  budgeting. 


Partially  because  of  AASIS 
problems,  the  state’s  CIO 
resigns. 


State  discloses  plans  to 
unplug  the  performance- 
based  budgeting  system. 


2000 

2001 

2002 

2004 

2005 
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ERP  system  goes  live  without  adequate  performance- 
based  budgeting  or  access  for  visually  impaired  users. 

The  state  is  sued  by  employees  for  a  lack  of 
handicap-access  in  AASIS;  the  state  in  turn  sues 
SAP  Public  Services  Inc. 


Parts  of  the  system  are 
ordered  shut  down  for 
noncompliance  with 
handicap-access 
requirements. 


grants  more  flexibility  to 
agencies  but  has  a  risk  and 
rewards  system  [that’s]  depen¬ 
dent  on  meeting  goals  and 
mission  compliance.” 

The  most  recent  version  of 
the  lawsuit,  filed  last  February, 
states  that  “SAP’s  first  attempt 
to  deliver  a  budgeting  system 
within  AASIS  as  required  by 
the  contract  wasn’t  complete 
when  SAP  unilaterally  changed 
course.  SAP’s  second  attempt 
to  provide  a  budget  system 
‘outside’  the  integrated  system 
on  a  business  warehouse  plat¬ 
form  also  failed.” 


have  discussed  unplugging  the 
entire  system,  though  that 
rhetoric  has  died  down  lately. 
“We  could  end  up  with  an¬ 


other  vendor  if  they  can’t  pro¬ 
vide  the  software  to  our  satis¬ 
faction,”  Beebe  speculated. 
“My  personal  opinion  is  that 


AASIS  should  provide  what 
was  contracted  for.” 

He  added  that  if  SAP  can’t 
fix  the  budgeting  application 
and  meet  the  handicap- 
accessibility  requirements, 
“they  should  pay  the  amount 
necessary  for  another  vendor.” 

Beebe  said  the  state  is  still 
preparing  for  a  trial  in  its  law¬ 
suit  against  SAP.  No  trial  date 
has  yet  been  set,  he  added. 

The  governor’s  spokesman 
declined  to  disclose  the 
amount  of  damages  that  the 
state  is  seeking  from  SAP. 

Beebe  noted  that  in  general, 
SAP  blames  the  problems  on 
a  lack  of  adequate  training 
and  resources  from  the  state, 
while  Arkansas  blames  the 
performance  of  the  software. 
©  52392 
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Sun 

the  unused  CPU  hours  on  the 
exchange. 

Trading  won’t  begin  for  an¬ 
other  three  to  six  months,  a 
Sun  official  said,  adding  that 
the  company  may  also  offer 
CPU  cycles  on  the  exchange. 

Sun  said  it  is  in  a  “proof  of 
concept”  phase  on  Sun  Grid 
with  some  users  and  has  about 
10,000  CPUs  available  at  mul¬ 
tiple  data  centers.  The  base 
price  for  CPU  time  is  $1  per 
hour,  and  Sun  is  also  offering 
storage  at  a  monthly  cost  of  $1 
per  gigabyte.  But  volume  users 
will  likely  pay  a  lower  rate,  the 
company  said. 


based  business,  and  obviously 
we  are  a  subscription-based 
business.” 

He  added  that  he  sees  po¬ 
tential  cost  advantages  to  us¬ 
ing  Sun  Grid,  but  it  depends 
on  the  service  delivery  and 
the  actual  pricing  that  XM 
could  get  from  Sun. 

Sun  expects  the  early 
adopters  of  Sun  Grid  to  be 
high-performance 
computing  users  in 
industries  such  as 
financial  services, 
oil  and  gas  explo¬ 
ration,  and  the  life 
sciences. 

Jonathan 
Schwartz,  Sun’s 
president  and  chief 
operating  officer, 
said  at  the  compa¬ 
ny’s  quarterly  prod¬ 
uct  rollout  in  Santa 
Clara,  Calif.,  that 
large  software  de¬ 
velopment  organizations  also 
may  find  Sun  Grid  appealing. 

The  new  approach  “will  of¬ 
fer  standardized  software  in¬ 
frastructure  in  a  grid  that  all 
their  developers  can  get  ac¬ 
cess  to  worldwide,  without 
that  business  having  to  main¬ 
tain  and  operate  the  infra¬ 
structure,”  Schwartz  said. 

Other  vendors,  such  as  IBM, 
already  offer  pay-per-use  utili¬ 
ty  computing.  But  Sun’s  fixed 
price  and  its  marketplace  ap¬ 
proach  illustrate  the  increas¬ 


ing  commoditization  of  IT, 
said  Nicholas  Carr,  author  of 
Does  IT  Matter?  Information 
Technology  and  the  Corrosion 
of  Competitive  Advantage 
(Harvard  Business  School 
Press,  2004). 

Carr  said  that  upward  of 
90%  of  a  company’s  IT  spend¬ 
ing  goes  to  basic  infrastruc¬ 
ture.  “That’s  a  large  percent  of 
expenditures  that, 
in  fact,  can  move  to 
a  utility  model,”  he 
said.  “I  think  [Sim 
Chairman  and 
CEO]  Scott  Mc- 
Nealy  has  seen  the 
future.  The  ques¬ 
tion  now  is.  Have 
Scott  McNealy’s 
customers  seen  the 
future?” 

Christopher 
Willard,  an  analyst 
at  Framingham, 
Mass.-based  IDC, 
said  the  technical  users  that 
Sun  sees  as  likely  Sun  Grid 
customers  have  “an  insatiable 
appetite”  for  compute  cycles. 
But  they  will  have  to  be  con¬ 
vinced  that  security  is  tight 
and  that  data  can  be  processed 
swiftly  on  the  grid,  he  said. 
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BY  JOHN  BLAU 

SAP  AG  plans 
by  2007  to  roll 
out  a  new  appli¬ 
cation  platform 
based  on  its 
NetWeaver  inte¬ 
gration  technol¬ 
ogy.  The  Busi¬ 
ness  Process 
Platform  will  lead  to  an  “indus¬ 
trialization  of  the  software  in¬ 
dustry,”  contends  CEO  Henning 
Kagermann,  who  recently  dis¬ 
cussed  the  company’s  plans. 


ARE  YOU  READY? 

80%  of  IT  failures  are  a  result  of  poorly  managed  change. 

If  you  could  harness  these  IT  changes  and  reduce 
disruption  to  your  business,  wouldn't  you?  BMC  Software's 
Change  and  Configuration  Management  (CCM)  solution, 
an  integral  part  of  Business  Service  Management,  delivers 
an  end-to-end  lifecycle  management  approach  to 
managing  change  processes,  configuration  control  & 
information  (CMDB),  and  discovery  &  detection. 

<  S)IHC  R  EM  E  DY  management 


Will  the  new  system  be  based  on 
an  open  architecture?  Definitely. 
We  let  customers  decide  in 
which  language  they  want  to 
develop  add-ons.  The  discus¬ 
sion  about  whether  it  has  to  be 
Java  or  our  own  ABAP  [pro¬ 
gramming  language]  is  stupid. 


When  will  Business  Process  Plat¬ 
form  ship?  In  2006,  we  will 
provide  ISVs  with  broad  ac¬ 
cess  to  the  platform  so  they 
can  develop  software  applica¬ 
tions  on  top  of  it.  We  aim  to 
move  our  complete  portfolio 
to  the  [system]  by  2007. 


Remedy  Change  Management,  a  key  part  of  CCM,  is  an  ITIL- 
compatible  application  that  enables  IT  to  reduce  business 
outages  and  accelerate  responsiveness  to  change.  Plus,  our 
recent  acquisition  of  Marimba  brings  the  broadest  set  of 
policy-based  configuration  management  automation  products 
to  our  CCM  solution.  Now,  you  can  ensure  that  wide-scale 
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change  is  implemented  smoothly,  efficiently,  and  reliably. 

-  .  '  ’  i;  -/ 

Learn  more  at  www.remedy.com/ccrti 
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believes  everything  revolves 
around  data.  We  say  everything 
revolves  around  processes. 

What  about  price  pressure,  espe¬ 
cially  in  the  wake  of  the  Oracle/ 
PeopleSoft  deal?  I’m  not  sure 


what  will  happen.  We  could  see 
stable  prices,  but  this  depends 
on  how  determined  Oracle  is 
to  gain  market  share.  ©  52351 


Blau  reports  for  the  IDG 
News  Service. 


NetWeaver  was  introduced  two 
years  ago.  How  would  you  de¬ 
scribe  it?  NetWeaver  is  an  inte¬ 
gration  platform.  We  have  in¬ 
tegrated  many  technical  tools 
into  it  so  that  customers  can 
integrate  legacy  systems  with 
SAP  technology  more  easily. 
The  idea  is  to  give  people  on 
the  outside  access  to  functions 
inside  our  technology. 

You’re  still  rolling  out  NetWeaver, 
but  you're  already  talking  about 
the  Business  Process  Platform. 
Why?  We  could  stop  with  Net- 
Weaver,  but  if  customers  want 
to  adapt  more  quickly  to  new 
business  models  and  be  more 
innovative  with  their  use  of 
business  software,  they  also 
need  to  be  able  to  build  new 
services  faster  and  with  great¬ 
er  flexibility.  We  want  to  cre¬ 
ate  reusable  processes  at  the 
application  level  and  combine 
these  with  NetWeaver. 


CHANGE  TO  YOUR  IT  INFRASTRUCTURE. 


CEO  Says  SAP  Is  Ready  for  New  Oracle 


lieve  so.  We’ve  been  saying  all 
along  that  the  underlying  tech¬ 
nology,  such  as  database  sys¬ 
tems,  is  a  commodity  and  that 


it  makes  no  sense  to  integrate 
our  software  in  this  layer.  We 
want  to  give  customers  the 
freedom  to  choose.  Oracle  still 


Will  the  new  platform  help  differ¬ 
entiate  SAP  from  Oracle?  We  be¬ 
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DON  TENNANT 


The  Three  Stooges 


WHEN  I  HEARD  last  week  that  three 

U.S.  congressmen  were  raising 
the  alarm  that  the  planned  sale 
of  IBM’s  PC  business  to  China’s 
Lenovo  Group  could  threaten  our 
national  security,  all  I  could  do  was  shake  my  head 
in  disgust  and  think,  “Here  we  go  again.” 


In  case  you  haven’t 
heard,  the  three  congress¬ 
men  —  the  chairmen  of 
the  House  International 
Relations,  Armed  Services 
and  Small  Business  com¬ 
mittees  —  are  fretting  that 
advanced  technology 
could  be  transferred  to  the 
Chinese  government,  and 
they  want  to  roll  out 
some  bureaucratic  red 
tape  to  slow  down  the 
government’s  review  of 


DON  TENNANT  is  editor  in 
chief  of  Computerworld. 
You  can  contact  him  at 

don.tennant® 

computerworld.com. 


fer  was  so  transparent 
that  the  only  perceptible 
change  was  the  appear¬ 
ance  of  Chinese  flags 
where  the  British  flags 
used  to  be. 

Now  we  have  Con¬ 
gressmen  Larry,  Moe  and 
Curly  running  around 
making  the  same  ill- 
informed,  alarmist  argu¬ 
ments  that  the  oppo¬ 
nents  of  Most  Favored 
Nation  trading  status  for 


the  deal  [QuickLink  52217].  The  hand- 
wringing  bespeaks  a  level  of  igno¬ 
rance  that  has  been  pervasive  in  the 
U.S.  Congress  and  media  for  years. 

I  lived  in  Hong  Kong  in  the  ’90s, 
and  I  was  there  when  the  territory  re¬ 
verted  to  Chinese  sovereignty  on  July 
1, 1997. 1  was  among  the  many  Ameri¬ 
can  expats  there  who  were  mortified 
by  the  cries  of  hysteria  that  were 
coming  out  of  Congress  —  and  by  the 
way  the  event  was  covered  in  the  U.S. 
media.  I  remember  watching  Dan 
Rather  in  that  absurd  flak  jacket,  re¬ 
porting  at  midnight  from  the  Hong 
Kong-China  border.  The  backdrop 
was  a  convoy  of  trucks  full  of  Peo¬ 
ple’s  Liberation  Army  soldiers  rum¬ 
bling  ominously  into  Hong  Kong. 

You  would  have  thought  Hong 
Kong  was  under  siege.  Never  mind 
that  any  country  that  gains  sover¬ 
eignty  over  a  territory  is  responsible 
for  defending  the  citizens  of  that  ter¬ 
ritory,  and  that  China  was  obligated 
to  be  prepared  to  do  that  immediate¬ 
ly.  Never  mind  that  I  never  once  — 
not  once  —  saw  a  PLA  soldier  during 
the  two  and  a  half  years  that  I  con¬ 
tinued  to  live  in  Hong  Kong  after  the 
transfer.  Never  mind  that  the  trans¬ 


China  made  in  the  ’90s.  And  they  ap¬ 
pear  to  have  an  equally  ill-informed, 
receptive  audience.  The  New  York 
Times,  citing  unnamed  sources,  re¬ 
ported  that  members  of  the  Com¬ 
mittee  on  Foreign  Investments  in 
the  United  States  —  the  multiagency 
body  reviewing  the  Lenovo  deal  — 
are  concerned  that  things  like 
battery  technology  could  be  used 


to  advance  China’s  military  capa¬ 
bilities.  I’m  not  making  that  up. 

The  underlying  problem,  you  see, 
is  that  China  engages  in  industrial  es¬ 
pionage  against  the  U.S.  Good  grief. 
Don’t  tell  anybody,  but  so  do  Japan, 
South  Korea,  France,  Germany  and 
just  about  all  of  our  allies  and  largest 
trading  partners.  And . . .  shhhhhh . . . 
we  do  it  to  them,  too.  Apparently 
that’s  news  in  some  circles  in  Wash¬ 
ington.  And  we’re  afraid  about  our 
R&D  work  being  transferred  to  Bei¬ 
jing?  Please.  Many  U.S.  high-tech 
companies  have  long-standing  R&D 
operations  in  China,  IBM  and  Micro¬ 
soft  being  among  the  largest.  I’ve 
been  to  the  facilities  of  both,  and  to 
some  others.  They’re  impressive,  and 
they  play  an  integral  part  in  advanc¬ 
ing  the  technologies  that  benefit 
people  around  the  globe  every  day. 
That’s  the  world  we  live  in. 

We’re  not  living  in  a  black-and- 
white  world  of  1930s  isolationism. 
The  Three  Stooges  are  poking  our 
third-largest  trading  partner  in  the 
eye,  and  it’s  inexcusable.  If  we  put 
anything  under  review  in  Washing¬ 
ton,  let’s  make  it  legislative  buffoon¬ 
ery.  We’d  all  be  better  off.  ©  52310 


MICHAEL  H.  HUGOS 


The  View 
Fromjo’burg 


LAST  fall,  I  made  my 
way  from  Chicago  to 
Frankfurt  and  then  on  to 
Johannesburg,  South  Africa, 

to  speak  at  an  IT  conference.  I  experi¬ 
enced  firsthand  how  information  and 
communication  technology  (or  ICT,  as 
the  Europeans  and  Africans  say)  is 
changing  the  world  and  driving  the 
global  economy  [QuickLink  51329].  My 
trip  to  Jo’burg  (as  the  locals  call  it)  was 
a  real  eye-opener  for  me. 

In  the  past  five  years,  the  global  in¬ 
formation  infrastructure  has  become 
a  reality.  It’s  odd,  because  we  nearly 
talked  ourselves  to  death  about  all  this 
during  the  boom  years  of  the  ’90s,  and 
when  the  bubble  burst,  we  didn’t  want 
to  hear  about  it  anymore.  But  it  hap¬ 
pened  anyway.  Some  of  the  wildest 
stock  prospectus  claims  from  the  late 
’90s  are  now  a  reality  or  an  imminent 


possibility.  This  is 
happening  all  over 
the  world,  not  just 
in  North  America. 

The  theme  of  the 
three-day  conference 
was  “Getting  the 
Most  Out  of  Your  IT 
Department.”  Topics 
included  best  prac¬ 
tices  for  data  securi¬ 
ty,  measuring  total 
cost  of  IT  ownership 
and  business  growth 
strategies.  My  simple 
Chicago  ears  were 
challenged  to  under¬ 
stand  English  spoken 
with  so  many  differ¬ 
ent  accents  —  Indi¬ 
an,  Afrikaner,  Zulu, 
British.  But  I  quickly 
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realized  that  the  presentations  were 
every  bit  as  substantive  and  advanced 
as  anything  I’ve  heard  in  the  States. 

What  was  I  expecting?  Well,  perhaps 
I  was  a  bit  of  a  Yankee  IT  elitist  when  I 
arrived,  but  that  attitude  was  corrected 
in  the  face  of  overwhelming  evidence. 
For  most  of  the  past  50  years,  IT  was 
largely  driven  by  American  inventive¬ 
ness  and  entrepreneurship.  U.S.  com¬ 
panies  are  still  major  players,  but  IT  is 
now  a  global  industry,  and  many  other, 
countries  have  developed  top-notch 
talent. 

The  U.S.  no  longer  has  a  monopoly 
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on  IT,  and  that  takes  some  getting  used 
to.  But  when  you  do  get  used  to  it,  you 
start  to  realize  that  this  spread  of  tech¬ 
nology  is  making  the  world  a  better 
place.  It  is  revitalizing  and  energizing 
the  economy  of  South  Africa,  and  the 
rest  of  the  world,  too. 

One  evening  I  had  dinner  with  two 
other  speakers  from  the  conference. 
We  went  to  an  outdoor  restaurant 
overlooking  Nelson  Mandela  Square. 
Summer  was  coming  on  in  the  South¬ 
ern  Hemisphere,  and  the  restaurants 
that  lined  the  square  were  filled  with 
people.  My  companions  were  South 
Africans  of  Indian  and  Afrikaner  de¬ 
scent,  respectively.  We  talked  about  all 
sorts  of  things,  from  the  changes  that 
South  Africa  has  gone  through  in  the 
past  10  years  to  the  political  and  eco¬ 
nomic  evolution  that  has  made  that 
possible.  And  we  talked  about  how  the 
build-out  of  data  and  telecom  net¬ 
works  by  South  African  companies  is 
starting  to  drive  economic  growth  in 
much  of  the  rest  of  Africa. 

We  came  from  very  diverse  back¬ 
grounds,  yet  our  common  experiences 
with  IT  and  our  thoughts  on  how  IT 
will  shape  the  future  gave  us  reason  to 
be  together.  IT  and  telecommunica¬ 
tions  are  to  the  world’s  economy  today 
what  steel  and  railroads  were  at  the 
start  of  the  20th  century.  They  are 
the  foundation  upon  which  all  sorts 
of  other  businesses  can  grow  and 
thrive.  There  is  something  about  a 
beautiful,  warm  African  night  and  the 
company  of  people  of  goodwill  that 
gives  you  the  feeling  that  great  things 
can  happen.  I  am  proud  to  be  a  part 
of  it.  0  51335 

DAN  GILLMOR 

Apple  Suit  Is 
WrongKind 
Of  Different 

WHEN  Steve  Jobs 
took  the  stage  at 
the  recent  Mac¬ 
world  Conference  and  Expo 

in  San  Francisco  to  make  his  keynote 
speech,  suspense  was  thick  in  the  cav¬ 
ernous  hall.  But  it  wasn’t  the  standard 
“What  will  he  announce?”,  brand  of 
suspense  that  has  marked  Apple  Com¬ 
puter’s  recent  events  of  this  kind. 

What  made  it  different  was  that 
the  previous  week,  Apple  had  sicced 
lawyers  against  one  of  the  most  popu¬ 


lar  Web  sites  that  publish 
information  and  speculation 
about  Apple,  its  products 
and  its  plans.  The  compa¬ 
ny’s  lawsuit  had  all  but  con¬ 
firmed  the  site’s  rumors  — 
and  the  audience  was  essen¬ 
tially  waiting  to  hear  what  it 
already  knew. 

Apple,  one  of  the  most  fa¬ 
mously  secretive  companies 
in  the  technology  business, 
frames  this  case  and  several 
like  it  as  little  more  than  at¬ 
tempts  to  protect  massively 
valuable  trade  secrets.  The 
value  strikes  me  as  ques¬ 
tionable,  and  the  larger  real¬ 
ity  is  an  Apple-aimed  dagger  at  one 
of  the  foundations  of  free  speech:  a 
vibrant  press. 

IT  may  think  it  has  no  horse  in  this 
race.  I  think  IT  should  —  ahem  — 
think  different.  A  culture  of  secrecy, 
enshrined  in  law,  would  make  it  even 
harder  for  companies  to  know  what’s 
going  on,  in  a  time  when  transparency 
should  be  ascendant. 

In  the  case  at  hand,  the  target  is 
Think  Secret  ( www.thinksecret.com ). 
The  site,  operated  by  a  Harvard  fresh¬ 
man  named  Nicholas  Ciarelli  (who 
goes  by  the  site  pen  name  of  Nick 
dePlume),  had  apparently  gotten  in¬ 


formation  that  was  leaked 
by  someone,  perhaps  inside 
Apple,  about  the  consumer 
products  Apple  would  be 
announcing. 

Apple  has  said  in  state¬ 
ments  that  Think  Secret 
induced  people  to  violate 
nondisclosure  agreements 
and  that  this  somehow 
gives  Apple  a  cause  for 
legal  action.  That’s  debat¬ 
able,  but  I’m  fairly  sure  of 
this:  If  the  party  leaking  in¬ 
formation  to  Think  Secret 
had  sent  it  to,  say,  the  San 
Jose  Mercury  News  or  The 
New  York  Times  —  and  had 
those  publications  run  the  news,  as 
they  no  doubt  would  have  —  Apple 
wouldn’t  be  suing.  Both  newspapers 
have  deep  enough  pockets  to  defend 
themselves. 

This  case  looks  to  me  —  and  to 
prominent  San  Francisco  lawyer  Terry 
Gross,  who  is  representing  Think  Se¬ 
cret  at  no  cost  —  like  a  bald  attempt 
to  bludgeon  a  publisher  into  submis¬ 
sion.  In  media  interviews,  Gross  has 
said  he  believes  that  the  case  is  about 
intimidation,  not  about  finding  the 
source  of  the  leaks. 

The  Think  Secret  case  isn’t  the  first 
time  Apple  has  sent  its  lawyers  after 


Web  sites  that  posted  information 
about  possible  upcoming  products. 

Late  last  year,  the  company  sought 
subpoenas  requiring  various  sites  to 
reveal  their  sources,  and  it  got  a  court 
order.  The  Web  sites  are  fighting  the 
subpoenas  on  the  grounds  that  they 
are  journalists  under  California  and 
federal  law.  (Disclosure:  I  have  agreed 
to  file  a  declaration  on  their  behalf, 
saying  that  they  are  indeed  performing 
a  journalistic  function.  I  am  not  being 
paid  to  do  so.) 

In  all  of  these  cases,  free  speech  is 
the  target.  While  we  can  sympathize 
with  Apple’s  desire  to  keep  product 
announcements  quiet  until  the  day  it 
wants  to  make  them,  a  vibrant  press 
is  more  important  than  a  company’s 
product  secrecy  —  despite  Apple’s 
pious  claim  that  it’s  not  attacking  free 
speech. 

If  a  company  wants  to  take  steps  to 
control  its  own  employees’  activities, 
including  firing  or  suing  workers  who 
reveal  secrets,  that’s  its  right.  When  it 
seeks  to  put  a  gag  on  the  people  who 
merely  receive  the  information,  that’s 
going  way  too  far.  ©  52283 
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Stronger,  Longer  Passwords  May  Not  Lead  to  Better  Security 


ILONG  AGO  REALIZED  that  the 
more  difficult  one  makes  a  pass¬ 
word,  the  greater  the  likelihood  that 
it  will  be  written  down  and  kept  in  an 
obvious  location  (taped  to  a  moni¬ 
tor,  for  example).  I’ve  made  lots  of 
simple  suggestions,  such  as  typing 
a  password  with  caps  locked  while 
using  the  shift  key  to  get  something 
like  “pASSWORD,”  typing  a  familiar 
number  while  pressing  the  shift  key, 
or  using  passphrases  [“The  Pass¬ 
word  Is:  Useless  (Probably),"  Quick- 
Link  51072],  None  of  it  works. 

In  my  opinion,  the  only  workable 
solution  for  real  security  is  biomet¬ 
rics.  I  just  hope  they  become  afford¬ 
able  before  it’s  too  late. 

T.  Ross  Valentine 

Senior  network  administrator. 

Technology  Re-Visioned, 

Plano,  III., 

trvalentine@yahoo.com 

ONE  WAY  I’ve  found  to  come  up 
with  hard-to-guess  but  easy- 


to-remember  passwords  is  to  use 
one  of  the  freely  available  “pro¬ 
nounceable”  password  generators 
available  on  the  Internet.  It  would  be 
more  secure  to  generate  them  with¬ 
in  [he  firewall.  I  suppose,  but  I  cus¬ 
tomize  the  generated  passwords  by 
adding  digits  and  punctuation. 
Thomas  Swann 
Consultant,  Vienna,  Va., 
tswann01@yahoo.com 

C.J.  KELLY’S  NOTION  that  a 
long  passphrase  is  stronger 
than  a  password  is  a  fallacy.  This 
hypothesis  may  appear  correct  from 
a  purely  statistical  analysis  (permu- 
tational  computation).  However,  if 
a  smart  dictionary  attack  is  used, 
passphrases  are  rather  simple  to 
crack,  especially  if  the  passphrase 
forms  an  intelligible  sentence  that 
can  easily  be  guessed  by  the  attack¬ 
ing  application. 

Jay  Barbour,  CISSP 
Dallas 


The  questions  to  ask 

are,  “What  needs  to  be  se¬ 
cured?"  and,  “How  secure  does  it 
have  it  to  be?” 

Locking  down  entire  work¬ 
stations  is  a  bit  over  the  top  when 
the  worst  thing  that  could  happen  is 
that  an  unauthorized  person  could 
browse  the  Web  or  use  the  word 
processor. 

The  standard  password  policy  is 
good  enough  to  secure  worksta¬ 
tions,  but  storage  of  confidential 
files  should  use  something  like  bio¬ 
metric  verification  of  a  password. 

There  is  a  whole  array  of  finger¬ 
print,  hand  geometry  and  face 
geometry  readers  available  (no  one 
should  use  the  unhealthy  iris  scan¬ 
ners).  There  is  also  software  that  al¬ 
lows  access  only  when  a  hand,  a 
finger  or  the  face  is  presented. 

In  regards  to  cost-effectiveness 
and  space  consumption,  fingerprint 
readers  have  the  lead  here,  but  fin¬ 
gerprints  require  huge  templates 


compared  to  hand  geometry  in  or¬ 
der  to  accurately  identify  a  person. 

Finally,  the  weakest  link  in  the 
chain  is  the  authorized  personnel. 
Even  the  thickest  door  is  like  air 
wnen  the  one  holding  the  key  is 
careless  or  fraudulent. 

Security  is  a  matter  of  managing 
access  and  maybe  even  micro- 
managing  access  down  to  a  direc¬ 
tory  or  file  level. 

David  Krings 
Bristol,  Conn. 

C0MPUTERW0RLD  welcomes 
comments  from  its  readers.  Letters 
will  be  edited  for  brevity  and  clarity. 
They  should  be  addressed  to 
Jamie  Eckle,  letters  editor,  Com- 
puterworld,  PO  Box  9171, 1  Speen 
Street.  Framingham,  Mass.  01701. 
Fax:(508)879-4843.  E-mail: 
letters@computerworld.com. 
Include  an  address  and  phone 
number  for  immediate  verification. 

OFor  more  letters  on  these  and 
other  topics,  go  to 

www.computerworld.com/letters 
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QUICKSTUDY 

Bayesian  Logic  and  Filters 

Bayesian  logic  is  a  type  of  statistical  analysis 
discovered  by  Rev.  Thomas  Bayes  (right)  that  can 
quantify  an  uncertain  outcome  by  determining  its 
probability  of  occurrence.  Bayesian  filters  are 
used  in  spam-control  software  because  they  can 
adapt  over  time  using  new  data.  Page  28 


SECURITY  MANAGER’S  JOURNAL 

Keeping  Wireless 
Rogues  in  Check 

It  took  months  of  testing  and 
wrestling  with  budget  constraints, 
but  Mathias  Thurman  has  finally 
come  up  with  a  wireless  policy. 

Page  30 


OPINION 

Why  IT  Projects  Fail 

Jian  Zhen  outlines  five  of 
the  most  common  causes 
of  project  failure  and 
offers  suggestions  to  head 
them  off  before  a  project 
begins.  Page  31 


Organizations  are 
turning  to  security 
information 
management 
systems  to 
coordinate  all  the 
disparate  defenses 
on  their  networks. 
By  Drew  Robb 
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per  month.  To  gain  control  over  the  situ¬ 
ation,  he  installed  Computer  Associates 
International  Inc.’s  eTrust  Security 
Command  Center  (SCC).  “Before  I  had 
this,  I  was  kind  of  blind,”  he  says.  “I 
couldn’t  actually  see  all  of  my  company.” 

Stopping  the  Data  Deluge 

Establishing  comprehensive  security 
requires  more  than  just  deploying  an 
ever-expanding  array  of  software  and 
devices.  It  also  means  turning  them  into 
a  coordinated  set  of  managed  assets. 

“Everything  was  a  big  mess,”  says 
Jim  Patterson,  security  analyst  for  the 
Illinois  state  government’s  Legislative 
Information  System.  “Even  from  a  ma¬ 
jor  vendor  like  Cisco,  each  device  had 
its  own  reporting  console.” 

To  make  matters  worse,  Patterson 
found  that  each  device’s  software 
package  typically  had  to  run  on  its  own 
PC.  That  meant  having  to  track  alerts 
from  an  array  of  machines,  all  of  which 
needed  to  be  logged  onto  separately. 

Further  complicating  the  issue,  the 
firewalls  generated  more  log  traffic 
than  the  built-in  database  could  han¬ 
dle.  At  the  recommendation  of  Cisco 
Systems  Inc.,  Patterson  installed  nFX 
Open  Security  Platform  from  net- 
Forensics  Inc.  in  Edison,  N.J. 

“With  SIM  in  place,  you  can  reduce 
the  number  of  people  you  need  to  have 
monitoring  things,  since  everything  is 
Continued  on  page  23 


IRAQ.  ISN’T  THE  ONLY  WAR 

costing  billions.  According  to 
Gartner  Inc.,  4%  of  IT  budgets 
now  go  to  security  hardware 
and  software  as  companies 
deploy  an  army  of  firewalls, 
intrusion-detection  and 
-prevention  systems,  antivirus  tools 
and  VPNs,  as  well  as  authentication, 
access-control  and  identity  manage¬ 
ment  systems,  to  keep  out  hackers, 
criminals  and  other  marauders. 

But  as  any  commander  will  tell  you, 
battlefield  success  isn’t  just  a  matter  of 
superior  firepower.  It  also  depends  on 
communication. 

From  an  IT  standpoint,  the  challenge 
is  how  to  best  turn  a  ragtag  bunch  of 
security  assets  —  each  with  its  own  log 
files,  its  own  data  structure  and  its  own 
rules  —  into  an  elite  defensive  unit. 

To  achieve  this,  companies  are 
turning  to  security  information 
management  (SIM)  software, 
which  is  designed  to  do  for  se¬ 
curity  what  products  such  as 
Tivoli  have  done  for  networks 
—  simplify  management,  provide 
greater  visibility  and  improve 
response  times. 

Chaim  Feldman,  network  and 
systems  security  manager  at 
Bezeq-The  Israel  Telecommu¬ 
nications  Corp.,  Israel’s  nation¬ 
al  telecommunications  pro¬ 
vider,  reports  that  his  company 
wards  off  3,000  to  4,000  attacks 
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(ASBPE)  selects  one  publication  with 
80,000  or  more  subscribers  to  receive 
this  top  honor.  The  award  can  go  to  any 
business  publicat  on  in  any  ind  istry 
category,  and  we  v,  on!  We  are  proud 
that  our  ongoing  commitment  to 
editorial  integrity,  audience  focus 
and  in-depth  coverage  has  been 
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Got  an  award-worthy 
storage  project? 

Submit  it  for  consideration 
by  February  141 
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AWARDS  PROGRAM 


Visit  www.snwusa.com/cw 
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Co-Owned  and  Produced  by 

COMPUTERWORLD 


Learn  How  to  Achieve 
Storage  Networking  Success 


Featured  Speakers  Include: 

BOB  LOGAN 

Vice  President,  Enterprise  Infrastructure  Services 
SAIC 

SONJA  ERICKSON 

Vice  President,  Technical  Operations 
Kodak  EasyShare  Gallery 

PAUL  DYKSTER HOUSE 

Director,  Information  Management  &  Infrastructure 
NDC  Health 

HANK  SIMON 

Web  Services  Technology  Strategist 
Lockheed  Martin 

STEVE  DUPLESSIE 

Founder  and  Senior  Analyst 
Enterprise  Strategy  Group 

JON  WILLIAM  TOIGO 

CEO  and  Founder 
Toigo  Partners  International 

I  ANN  LIVERMORE 

Executive  Vice  President,  Technology  Solutions  Group 
Hewlett-Packard  Company 

See  solutions  from  companies  including: 


See  and  Hear  Tim  Sanders 


TIM  SANDERS 

Leadership  Coach,  Yahool 
Author  of  Love  Is  the  Killer  App  and 
The  Likeability  Factor 


The  Leading  Conference  for: 


•  IT  Management 

•  Storage  Architects 

•  IT  Infrastructure  Professionals 

•  Business  Continuity  Planning  Experts 

•  Data  Management  Specialists 

•  Network  Professionals 

To  register  or  for  more  information, 
visit  www.snwusa.com/cw 
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SNW  has  the  potential 
to  save  someone  80 
flights  a  year ...  an  optimal 
domain  for  consolidated 
interpersonal  industry 
networking  ...” 


«  Michael  Dugan 

Director  of  Technology, 
Forbes.com 


...  the  premier  event  in  the 
storage  industry ...” 


Frank  Enfanto 
Vice  President, 
Operations  Delivery  & 
Information  Security 
Blue  Cross  Blue  Shield 
of  Massachusetts 
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Co-Owned  and  Endorsed  by 

^sSNIA 

Co-Owned  and  Produced  by 

COMPUTERWORLD 


Learn  How  to  Achieve 
Storage  Networking  Success 

•  Get  a  contemporary  overview  of  today's  storage  networking  issues  and  opportunities 

•  See  how  to  implement  and  deploy  the  latest  in  storage  networking  technologies 

•  Hear  the  latest  in  enterprise  security 

•  Learn  from  best  practices  and  case  studies 

Why  You  Should  Attend 

Are  you  responsible  for  managing  your  company's  data  center  assets?  Want  to  exchange  inno¬ 
vative  ideas  and  strategies  with  other  executives  who  share  the  same  objectives?  Then  attend 
Storage  Networking  World,  where  you’ll  network  with  and  learn  from  renowned  experts  and  the 
nation's  top  user  executives. 


Conference  At-a-Glance  (subject  to  change) 


For  details,  updates,  and  to  register  visit  www.snwusa.com/cw 


TUESDAY,  APRIL  12 


Registration  Open  1 1 :00am  -  8:30pm 


9:00am  -  9:30am 
9:30am  -  1 1 :30am 
1 1 :30am  -  1 :00pm 
1 2:00pm  -  5:00pm 
1 :00pm  -  5:25pm 

6:00pm  -  8:00pm 


Breakfast 

Pre-Conference  Tutorials  and  Primers 

Luncheon 

Pre-Conference  Golf  Outing 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 
SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

Welcome  Reception 


WEDNESDAY,  APRIL  13 _ Registration  Open  7:00am  -  8:00pm 


7:1  5am  -  8:1  5am 
8:1 5am  -  8:30am 
8:30am  -  9:1 5am 


9:1 5am  -  9:45am 
9:45am  -  1 0:1 5am 


10:15am  -  10:30am 
1 0:30am  -  1  1 :00am 
1 1 :00am  -  1 1 :30am 
1 1 :30am  -  Noon 


Noon  -  1 2:45pm 


1 2:45pm  -  2:00pm 


Breakfast 

Opening  Remarks 

■  Opening  Visionary  Presentation:  The  Likeability  Factor 

The  research  is  overwhelming  -  for  personal,  corporate  and  national  success, 
we  have  to  possess  a  sufficient  L-Factor.  Bestselling  author  Tim  Sanders,  has 
studied  and  written  about  this  problem  in  his  second  book  The  Likeability 
Factor  (Crown/Spring  2005),  and  now  has  the  research-based  program  to 
show  audiences  how  to  boost  their  L-Factor  for  greater  success  on  all  levels. 
This  visionary  presentation  outlines  how  likeability  is  the  key  to  finding  suc¬ 
cess  in  relationships,  product  design  and  even  business  life. 

Tim  Sanders,  Leadership  Coach,  Yahoo!  and 

Author  of  Love  is  the  Killer  App  and  The  Likeability  Factor 

End-User  Case  Study 

Industry  Leader  Presentation 

Ann  Livermore,  Executive  Vice  President, 

Technology  Solutions  Group,  Hewlett-Packard 


Break 

End-User  Case  Study 
Industry  Leader  Presentation 

End-User  Case  Study:  The  Story  (and  Storage!) 
Behind  Kodak’s  Online  Photo  Success 

Sonja  Erickson,  Vice  President,  Technical  Operations, 
Kodak  EasyShare  Gallery 

End-User  Panel 

Moderated  by:  Steve  Duplessie,  Founder  &  Senior  Analyst, 
Enterprise  Strategy  Group 

Luncheon 


For  more  information  and  to  register,  visit  www.snwusa.com/cw  or  call  1-800-883-9090 


; 


For  more  information  and  to  register,  visit  www.snwusa.com/cw  or  call  1-800-883-9090 


WEDNESDAY,  APRIL  13  (continued) 


2:10pm  -  5:40pm 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 

SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

5:40pm  -  8:40pm 

Expo  with  Dinner  and  Interoperability  &  Solutions  Demo 

•  30-plus  SNIA  member  companies  collaborating  on  integrated  solutions 

•  Opportunity  to  meet  leading  experts  and  engineers 

THURSDAY,  APRIL  14  Registration  Open  7:00am  -  6:00pm 

7:1 5am  -  8:1 5am 

Breakfast 

8:1 5am  -  8:30am 

Opening  Remarks 

8:30am  -  9:1 5am 

Opening  Visionary  Presentation 

9:1 5am  -  9:45am 

Industry  Leader  Presentation 

9:45am  -  10:1 5am 

y”"fl  End-User  Case  Study 

:  '  I  Bob  Logan,  Vice  President,  Enterprise  Infrastructure  Services,  SAIC 

1 0:1 5am  -  1 0:30am 

Break 

1 0:30am  -  1 1 :00am 

Industry  Leader  Presentation 

1 1 :00am  -  1  1 :30am 

End-User  Case  Study 

1 1 :30am  -  Noon 

Noon  -  1 2:45pm 

Industry  Leader  Presentation 

Panel  Discussion 

Moderated  by:  Jon  William  Toigo,  CEO  &  Founder, 

Hi  Toigo  Partners  International 

12:45pm  -  2:00pm 

Luncheon 

2:1 0pm  -  5:40pm 

W  IDC  Storage  Analyst  Briefing 

2:10pm  -  5:40pm 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 

SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

4:00pm  -  7:00pm 

Expo  Open 

•  Cocktail  Reception  in  Expo  begins  at  5:30pm 

7:00pm  -  9:30pm 

Gala  Evening  with  Dinner  &  Entertainment 

FRIDAY,  APRIL  15  Registration  Open  7:30am  -  10:00am 

7:30am  -  10:00am 

Continental  Breakfast 

8:30am  -  1  2:30pm 

End-User  Case  Studies;  SNIA  Voice  of  the  User  Track; 

SNIA  Technical  Tutorials  Track;  Deployable  Solutions  Track 

1 2:30pm 

Conference  Concludes 

"...  at  SNW,  you  connect 
with  folks  you  normally 
wouldn’t  meet  and 
capitalize  on  the 
serendipitous  exchange 
of  ideas  ...” 


[1 


John  Seely  Brown 
former  director,  Xerox 
Palo  Alto  Research 
Center  (PARC),  and 
former  chief  scientist, 
Xerox 


...  SNW  is  a  great  venue 
for  peer  discussion  ...  an 
opportunity  to  provide 
feedback  to  vendors  on 
what  users  need  from 
them  ...” 
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John  Greer 
Director, 

IT  Infrastructure, 
Pacific  Gas  &  Electric 


The  Wildfire  Golf  Club, 
Faldo  Course 

Phoenix,  Arizona 


Pre-Conference  Golf  Outing 

Complimentary  for  Registered  IT  End-Users 

The  Pre-Conference  Golf  Outing  at  The 
Wildfire  Golf  Club,  Faldo  Course  located  at 
the  JW  Marriott  Desert  Ridge  Resort,  is 


SPONSORED  BY 

Quantum 


JW  Marriott 
Desert  Ridge  Resort 

Phoenix,  Arizona 


Hotel  Reservations  and  Travel  Services 

Global  Odysseys  is  the  official  travel  company 
for  Storage  Networking  World.  They  are  your 
one-stop  shop  for  exclusive  discounted  rates 
on  hotel  accommodations. 
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complimentary  ($165  value)  for  registered  IT  End-Users  (other 
participants,  including  sponsors  and  vendors,  may  play  on  an 
“as  available"  basis  and  are  responsible  for  all  applicable  golf 
outing  expenses). 

For  details  contact  Chris  Leger  at  1-508-820-8277 


To  reserve  your  accommodations,  visit:  www.etcentral.com 
You  can  also  call  our  conference  housing  line  at:  1-888-254-1597 
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Phoenix,  Arizona 


Application  for  Conference  Registration 

Fax  this  completed  application  to  1-508-820-8254  or  apply  online  at:  www.snwusa.com/cw 


Your  business  card  is 
REQUIRED 

to  process  your  application 

Please  affix  your  business  card  to  this  space  prior  to 
submitting  your  application.  Applications  submitted 
without  business  cards  will  not  be  processed. 

Questions?  Call  1-800-883-9090 


If  not  indicated  on  your  business  card, 
please  provide  the  following  required 
information: 


Corporate  Email  Address 


Corporate  Website 

Registration  questions? 

Call  1  -800-883-9090  or  email 
snwreg@computerworld.com 

Need  accommodations? 

Reserve  them  at:  www.etcentral.com 

Or  call  1-888-254-1597 
or  email:  eventhousing@globalodysseys.com 


Please  check  ONE  of  the  following: 

Earlybird  Registration  (through  February  28,  2005) 

Full/Onsite  Registration  (after  February  28,  2005) 

□  1  am  an  IT  End-User* 

(Complete  Attendee  Profile  below) 

□  $895  General  Conference  Package  (April  1 3  &  14) 
(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,290  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 

□  $1,295  General  Conference  Package  (April  13  &  14) 
(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,690  Total  4-Day  Package  (April  12,  13,  14,  15) 

(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 

*  IT  End-Users  are  defined  as  those  who  are  attending  Storage  Networking  World  with  an  intent  (and  an  fT  spending  budget)  to  potentially  buy/lease  hardware/software/services,  etc  from  our  conference  sponsors  and  are  not  themselves  an  IT  vendor.  As  such, 
account  representatives,  business  development  personnel,  analysts,  consultants  and  anyone  else  attending  who  does  not  have  IT  purchasing  influence  within  their  organization  are  excluded  from  the  “IT  End-User"  designation.  Interpretation  and  enforcement  of 
this  policy  are  at  the  sole  discretion  of  Computerworld. 


I~~|  I  am  a  Channel  Partner/ 
Integrator/Consultant 

(Complete  Attendee  Profile  below) 


□  $3,000  Total  4-Day  Package  (April  12,  13,  14,  15) 

(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA  Certification  “Test-Ready"  Courses) 


□  $3,500  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference;  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA  Certification  “Test-Ready"  Courses) 


By  participating  in  SNWs  Channel  Partner/Integrator  registration  package,  registrants  may  enjoy  the  following  benefits:  One  company  representative  may  receive  a  full  conference  pass  to  SNW  Spring  2005;  additional  company 
representatives  pay  $695  each  for  full  conference  passes;  company  may  invite  up  to  five  IT  User  customers  to  attend  SNW  Spring(IT  Users  must  be  strictly  compliant  with  IT  User  definition  on  the  supplied  registration  form); 
companies  registering  for  this  package  interested  in  joining  the  SNIA  are  eligible  to  receive  a  $2,000  discount  provided  that  membership  is  applied  for  prior  to  March  1 , 2005. 


Attendee  Profile:  This  section  MUST  be  completed  by  IT  End-Users  and  Channel  Partners/Integrators/Consultants  only  (optional  for  all  other  registrations)  in  order  to  process  your  application. 


Your  Business/Industry 

□  Aerospace 

□  Manufacturing  &  Process  Industries  (non-computer  related) 

□  Finance/Banking/Accounting 

□  Insurance/Real  Estate/Legal  Sevices 

□  Government:  Federal  (including  Military) 

□  Government:  State  or  Local 

□  Health/Medical/Dental  Services 

□  Retailer/Wholesaler/Distributor  (non-computer  related) 

□  Transportation/Utilities 

□  Communication  Carriers 

(ISP,  Telecom,  Data  Comm,  TV/Cable) 

□  Construction/Architecture/Engineering 

□  Data  Processing  Services 

□  Education 

□  Agriculture/Forestry/Fisheries 

□  Mining/Oil/Gas 

□  Travel/Hospitality/Recreation/Entertainment 

□  Publishing/Broadcast/ Advertising/ 

Public  Relations/Marketing 

□  Research/Development  Lab 

□  Business  Services/Consultant  (non-computer  related) 

□  Manufacturing  of  Computers,  Communications, 

Peripheral  Equipment  or  Software 


Your  Job  Title/Function: 

IT  MANAGEMENT 

□  CIO,  CTO,  CSO 

□  Executive  VP,  Senior  VP 

□  Vice  President 

□  Director 

□  Manager/Other  IT  Manager 
Q  Supervisor 

BUSINESS  MANAGEMENT 

□  CEO,  COO,  Chairman,  President 

□  CFO,  Controller,  Treasurer 

J  Executive  VP,  Senior  VP,  VP,  General  Manager 

□  Director,  Manager 

□  Other  Corporate/Business  Manager 

Number  of  employees  in  your  entire  organization 
(ALL  locations) 

□  20,000  or  more 

□  10,000-19,999 

□  5,000-9,999 

□  1,000-4,999 

□  500-999 

□  100-499 

□  50-99 

□  Less  than  50 


What  is  your  organization’s  annual  IT/IS  budget 
for  all  IT/IS  products? 

□  $1  Billion  or  more 

□  $500  Million  -  $999.9  Million 

□  $100  Million  -$499.9  Million 
U  $50  Million  -  $99.9  Million 

□  $10  Million -$49.9  Million 

□  $1  Million  -  $9.9  Million 

□  $500,000  -  $999,999 

□  $250,000  -  $499,999 

□  $100,000-3249,999 

□  Less  than  $  1 00,000 

What  is  the  estimated  annual  revenue  of 
your  entire  organization? 

□  Over  $10  Billion 

□  $1  Billion  -  $9.9  Billion 

□  $500  Million  -  $999  Million 

□  $100  Million -$499  Million 

□  Less  than  $100  Million 


The  one  item  that  best  describes  your  involvement  in 
the  IT  purchase  process 

□  Authorize/approve  purchase 

□  Evaluate/recommend  products,  brands,  vendors 

□  Specify  features/technical  requirements 

□  Set  budget  for  expenditures 

□  Determine  need  to  purchase 

□  Create  IT  strategy 

□  All  of  the  above 

Would  you  like  to  receive  information  about  playing  In 
the  golf  outing  on  Tuesday,  April  12th? 

□  Yes 

□  No 

Do  you  need  hotel  accomodations? 

□  Yes  (please  visit  www.etcentral.com  to  resen/e) 

□  No 

Would  you  like  to  receive  a  complimentary 
subscription  to  Computerworld? 

□  Yes 

□  No 


l~~|  My  company  is  Sponsoring/ 
Exhibiting  at  SNW 


□  $895  (through  February  28,  2005) 

General  Conference  Package  (April  1 3  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,290  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


□  $1,295  (after  February  28,  2005) 

General  Conference  Package  (April  1 3  &  14) 

(includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 

□  $1,690  Total  4-Day  Package  (April  12,  13,  14,  15) 
(includes  General  Conference,  plus  Technical  and  Business  Tracks, 
SNIA-produced  Tutorials,  SNIA-Certification  “Test-Ready"  Courses) 


As  a  sponsor,  you  may  be  eligible  to  attend  using  a  registration  provided  with  your  sponsorship.  (If  those  registrations  have  already  been  assigned/used,  then  you  may  register  at  the  prevailing  rates  above.)  See 
the  current  list  of  sponsors  at  www.snwusa.com.  Questions?  Call  1  -800-883-9090  or  email  snwreg@computerworld.com. 


□  I  am  a  representative  of  a  Non-Sponsoring  IT  Vendor  Company 

□  $5,000  Business  Development  Professional  Package  for  Sales,  Marketing  and  Business  Development  Professionals  (includes  General  Conference  Sessions,  Expo,  Meals  &  Receptions) 


Vendors  are  encouraged  to  participate  in  Storage  Networking  World  through  sponsorship.  (Details  are  available  by 
calling  Ann  Harris  at  508-8208667.)  Alternatively,  vendors  (as  well  as  other  “non-IT  end-user”  professionals  as 
defined  by  Computerworld),  may  apply  for  registration  at  the  “non-sponsoring  vendor”  rate  of  $5,000.  Determination 
of  what  constitutes  a  "non-sponsoring  vendor"  registration  is  made  exclusively  by  Computerworld. 

Please  call  888-239-4505  with  questions. 


Q  I  am  a  Financial/Equity  Analyst 

□  $1,290  (through  February  28,  2005) 
General  Conference  Package 
(includes  General  Conference  Sessions, 
Expo,  Meals  &  Receptions) 


and/or  Venture  Capital  Professional 

□  $1 ,690  (after  February  28,  2005) 
General  Conference  Package 
(includes  General  Conference  Sessions, 
Expo,  Meals  &  Receptions) 


□  I  am  a  qualified  member  of  the  press.  I  can  verify  my  press  credentials. 
Press  should  call  Marenghi  Public  Relations  at  1-781-915-5000  to  register. 

Please  fax  this  completed  application  to  1-508-820-8254 


Payment  Method 

□  Check  (checks  must  be  received  by  March  21, 2005  payable  to:  Computerworld) 
Mail  to:  Computerworld,  Attn:  Michael  Meleedy,  One  Speen  Street  Framingham,  MA  01701 

□  American  Express  □  VISA  □  MasterCard 

Account  Number: _ 

Expiration  Date: _ 

Card  Holder  Name: _ 

Signature  of  Card  Holder: _ 

Cancellation  Policy  (All  of  the  following  require  written  notification  by  March  21,  2005.) 

In  the  event  of  cancellation,  the  registrant  has  three  options: 

1)  He  or  she  may  substitute  another  attendee  for  this  conference. 

2)  He  or  she  may  transfer  this  registration  to  the  Storage  Networking  World  Fall  2005  conference. 

3)  The  registration  fee  will  be  refunded,  less  a  $250  service  charge  (if  written  notice  is  received  by  March  21. 2005). 
Please  send  cancellation  requests  via  email  to:  snwreg@computerworld.com 
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coming  into  one  central  station,”  says 

Patterson. 

Security  information  management 
(also  called  security  event  manage¬ 
ment,  or  SEM)  is  an  outgrowth  of  the 
event  logs  that  managers  used  for  net¬ 
work  management  but  is  tailored  to 
gather  data  from  security  devices. 

“The  big  differentiator  is  that,  in  ad¬ 
dition  to  all  the  logs,  a  SIM  can  intake 
data  from  devices  that  don’t  generate 
logs  or  that  generate  robust  but  very 
specific  proprietary  information,”  says 
Gartner  analyst  Amrit  Williams. 

One  of  the  key  functions  is  to  reduce 
the  number  of  false  or  inconsequential 
alerts  that  employees  must  review. 

“We  began  implementing  intrusion- 
detection  systems  a  few  years  ago,” 
says  Chris  Rein,  chief  of  infrastructure 
and  production  services  for  the  New 
Jersey  Office  of  Information  Technolo¬ 
gy.  “The  volume  of  data  would  over¬ 
whelm  any  person  or  small  group 
looking  at  it.” 

Rein’s  experience  is  far  from  unique. 
Ulises  Castillo,  CEO  of  Scitum  SA,  a 
managed  security  service  provider  in 
Mexico  City,  says  that  he  feeds  3  mil¬ 
lion  to  10  million  events  per  day  from 
the  350-plus  devices  he  manages  into 
his  Security  Threat  Manager  3  SIM 
from  OpenService  Inc.  in  Westboro, 
Mass.  In  doing  so,  he  reduces  the  num¬ 
ber  of  alerts  by  a  factor  of  10,000. 

Dan  Lukas,  lead  security  architect  at 
Aurora  Health  Care,  a  Milwaukee- 
based  provider  with  30,000  employees 
at  13  major  hospitals  and  several  hun¬ 
dred  clinics  and  pharmacies,  says  that 
depending  on  the  time  of  day,  his  com¬ 
pany  receives  as  many  as  5,000  to 
10,000  events  per  second.  He  uses  In- 
tellitactics  Network  Security  Manager 
from  Intellitactics  Inc.  in  Reston,  Va., 
to  visualize  the  source  of  problems. 

“We  can  play  events  back  and  see 
what  devices  it  is  hitting  and  track  it 
back,”  says  Lukas.  “We  have  quite  a  few 
thousand  switches  out  there,  but  we 
are  getting  to  the  point  where  we  can 
see  which  port  in  the  entire  network  a 
situation  is  coming  from.” 

Companies  looking  to  install  SIM 
systems  have  a  choice  between  server- 
based  software  and  appliances.  The 
New  Jersey  government  chose  the  lat¬ 
ter  option.  It  uses  PN-MARS  appli¬ 
ances  from  Protego  Networks  Inc., 
which  was  recently  acquired  by  Cisco. 
Rein  says  the  state  started  with  a  few 
appliances  for  testing  and  is  now  pur¬ 
chasing  more  to  put  its  WAN  under 
complete  surveillance.  Beyond  that,  it 
will  enter  into  agreements  with  agen¬ 
cies  to  set  up  more  specific  and  granu¬ 


lar  monitoring  of  internal  networks. 

“Staff  feels  strongly  that  it  has  helped 
them  improve  their  productivity  level, 
since  they  don’t  have  to  mitigate  as 
many  issues  as  they  experienced  be¬ 
fore,”  says  Anna  Thomas,  New  Jersey’s 
chief  of  strategic  development  and  dig¬ 
ital  communications. 

Bezeq  took  the  software  approach. 
The  company  runs  CA’s  eTrust  SCC  on 
a  server  sitting  on  a  separate  security 
network  that  monitors  two  production 
networks  —  one  for  customer  services 


The  Market 
And  the  Players 

According  to  Gartner,  the  worldwide  SIM 
market  had  grown  to  $100  million  by 
2003.  The  Stamford,  Conn.-based  re¬ 
search  firm  also  estimated  that  20%  of 
Fortune  1,000  companies  were  using  se¬ 
curity  management  software  in  that  year 
and  that  vendors  would  double  their  in¬ 
stalled  bases  in  2004. 

The  SIM  market  is  divided  into  two  main 
categories.  First,  there  are  vendors  that 
specialize  in  SIM,  such  as  OpenService, 
netForensics,  Intellitactics,  ArcSight  and 
Network  Intelligence  Corp.  Then  there  are 
larger  companies  that  sell  SIM  products  to 
complement  their  other  management  or 
security  offerings.  They  include  Computer 
Associates,  IBM’s  Tivoli  Software  unit, 
Symantec  Corp.  and  NetlQ  Corp. 

The  smaller  vendors’  products  generally 
offer  more  complete  sets  of  features.  But 
the  larger  companies  offer  products  that 
are  interoperable  with  their  other  offerings 
and  that  they  can  sell  to  their  existing 
clientele. 

-  Drew  Robb 


and  another  for  internal  operations. 

Feldman  says  that  having  the  SCC 
has  given  him  better  visibility  into  the 
types  of  attacks  on  his  network  and 
where  they  are  hitting.  For  example,  he 
once  spotted  a  recently  fired  employee 
attempting  to  gain  access  to  a  sensitive 
server.  Another  time,  the  data-correla- 
tion  feature  detected  a  virus  starting  to 
spread,  allowing  Feldman’s  staff  to  dis¬ 
connect  the  subnet  to  stop  it. 

Setting  Expectations 

Implementing  a  SIM  is  a  major  under¬ 
taking.  Installing  the  software  or  appli¬ 
ance  itself  is  generally  simple  enough, 
but  setting  up  the  desired  monitoring 
and  reducing  the  number  of  false  posi¬ 
tives  takes  work. 

“When  [companies]  embark  on  a 
large  SIM  project  —  about  300-plus 
audit  sources/nodes  —  they  should  put 
aside  at  least  $50,000  in  services  bud¬ 
get  for  the  vendor  or  a  competent  third 
party  to  come  in,  install  and  tune  for 
appropriate  business  requirements,” 
says  Paul  Proctor,  an  analyst  at  Meta 
Group  Inc.  “Deployments  involving 
over  1,000  monitored  nodes  are  usually 
multiyear  efforts,  so  set  realistic  ex¬ 
pectations  and  project  goals.” 

John  Summers,  Unisys  Corp.’s  global 
director  for  managed  security  services, 
is  engaged  in  just  such  a  large-scale 
project.  He’s  installing  ArcSight  Inc. 
software  at  his  company’s  three  securi¬ 
ty  operations  centers,  which  manage 
security  for  200  customers  in  addition 
to  handling  Unisys’  own  needs.  The  in¬ 
stallation  began  in  June  2003,  and  Sum¬ 
mers  expects  to  be  able  to  view  securi¬ 
ty  events  on  a  global  scale  sometime  in 
the  first  half  of  this  year.  He  can  al¬ 
ready  manage  customers  on  an  individ¬ 


ual  or  regional  basis  and  has  been  able 
to  detect  zero-day  attacks  on  one  cus¬ 
tomer  and  harden  the  defenses  of  other 
customers  before  they’re  hit.  “The  only 
way  to  do  that  is  to  have  a  platform  that 
can  do  complex  pattern  detection 
across  a  heterogeneous  infrastructure 
and  across  time,”  says  Summers. 

Michael  Gabriel,  corporate  IT  secu¬ 
rity  manager  at  Career  Education 
Corp.  (CEC)  in  Hoffman  Estates,  Ill., 
recently  installed  netForensics  soft¬ 
ware  to  meet  the  auditing  require¬ 
ments  of  the  Sarbanes-Oxley  Act.  “It’s 
a  bit  of  a  challenging  environment, 
since  we  run  a  number  of  separate 
Active  Directory  forests,”  he  says.  “We 
have  a  collector  device  in  each  AD  for¬ 
est,  which  collects  the  events  from  the 
Windows  Domain  Controllers,  fire¬ 
walls  and  IDSs  and  sends  these  to  a 
centralized  netForensics  collector.” 

To  meet  the  regulatory  deadline, 
CEC  purchased  five  days  of  consulting 
time  to  quickly  get  the  netForensics 
software  up  and  running.  That  was 
enough  to  establish  compliance,  but 
Gabriel  says  he  still  has  a  lot  of  work  to 
do  to  fully  use  the  system’s  functions. 

“It’s  a  complex  system,  and  you  will 
get  out  of  it  what  you  put  into  it,”  he 
says.  “I  still  feel  we  have  just  scratched 
the  surface  of  its  capabilities.” 

Part  of  what  companies  must  put  in 
is  the  work  to  ensure  data  quality.  “SIM 
suffers  from  a  huge  garbage  in/garbage 
out  problem,  and  most  of  the  data  col¬ 
lected  by  enterprises  is  garbage,”  says 
Meta  Group’s  Proctor.  “They  don’t 
usually  realize  this  until  after  spending 
several  hundred  thousand  dollars  on  a 
huge  monitoring  infrastructure  only  to 
realize  they  are  deriving  no  benefit.” 

Like  other  types  of  management  soft¬ 
ware,  SIM  is  only  a  tool.  It  can  assist 
your  security  personnel  in  better  secur¬ 
ing  the  enterprise,  but  it’s  not  a  replace¬ 
ment  for  their  perception  and  skills. 

“You  automate  data  collection,  data 
correlation,  data  search  —  the  tasks 
that  are  boring  and  suitable  for  com¬ 
puters,”  says  Bruce  Schneier,  an  author 
and  chief  technology  officer  at  Coun¬ 
terpane  Internet  Security  Inc.  in 
Mountain  View,  Calif.  “But  you  can’t 
automate  intelligence,  and  you  can’t 
automate  creative  thinking.”  O  52131 


Robb  is  a  Computerworld  contributing 
writer  in  Los  Angeles.  Contact  him  at 
drewrobb@attbi.com. 


SIM  FOR  THE  LITTLE  GUY 

Expensive  SIM  systems  are  primarily  used  by  big 
corporations,  but  there  are  options  for  smaller  firms: 

QuickLink  52134 
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IBM  recommends  Microsoft®  Windows®  XP  Professional 


IBM  ThinkPad  R  Series 
(model  not  featured) 


GO  with  IBM  Think  Express  Program 

IBM  Think  Express  models  are  configured  and  priced 
.  with  small  to  medium-size  businesses  in  mind. 


IBM  rated  #1  in  tech  support  for  desktops 
and  notebooks  by  PC  Magazine  readers. 
PC  Magazine  17th  Annual  Reader 
Satisfaction  Survey  -  July  14,  2004 


■Availability:  All  otters  subject  to  availability.  IBM  reserves  the  right  to  alter  product  offerings  and  specifications  at  any  time,  without  notice.  IBM  is  not  responsible  for  photographic  or  typographic  errors.  ‘Pricing:  does  not  include  tax  or  shipping  and  is  subject  to  change- 
without  notice.  Reseller  prices  may  vary  Warranty:  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0.  Box  12195,  RTP,  NC  27709,  Attn:  Dept  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party  products  or  services. 
Footnotes:  (1)  Embedded  Security  Subsystem:  requires  software  download.  (2)  Mobile  Processor:  Power  management  reduces  processor  speed  when  in  battery  mode.  (3)  Wireless  11a,  11b  and  11g:  based  on  IEEE  802.11a,  802.11b  and  802.1 1g.  respectively.  An 
adapter  with  lla/b,  1 1  b/g  or  lla/b/g  can  communicate  on  either  or  any  of  these  listed  formats  respectively;  the  actual  connection  will  be  based  on  the  access  point  to  which  it  connects.  (4)  Included  software:  may  differ  from  its  retail  version  (if  available)  and  may  not 
include  user  manuals  or  all  program  functionality.  License  agreements  may  apply.  (5)  Memory:  For  PCs  without  a  separate  video  card,  memory  supports  both  system  and  video.  Accessible  system  memory  is  up  to  64MB  less  than  the  amount  stated,  depending  on  video 
mode  (6)  Hard  drive:  GB  =  billion  bytes.  Accessible  capacity  is  less;  up  to  4GB  is  service  partition.  (8)  Limited  warranty:  Support  unrelated  to  a  warranty  issue  may  be  subject  to  additional  charges.  (9)  ServicePac  services:  are  available  lor  machines  normally  used  for 
business,  professional  or  trade  purposes,  rather  than  personal,  family  or  household  purposes.  Service  period  begins  with  the  equipment  date  of  purchase.  Service  levels  are  response-time  objectives  and  are  not  guarantees.  If  the  machine  problem  turns  out  to  be  a 
Customer  Replaceable  Unit  (CRU),  IBM  will  express  ship  the  part  to  you  for  quick  replacement.  Onsite  24x7x2-hour  service  is  not  available  in  all  locations.  For  ThinkPad  notebooks  requiring  LCD  or  other  component  replacement,  IBM  may  choose  to  perform  service  at 


TECHNOLOGY 


Put  a  solid  barrier  between  your 

wireless  PC  and  thieves  .  Select  IBM  wireless 

ThinkPad®  notebooks,  like  the  ThinkPad  X40  featured  to  the  right,  offer 
an  added  layer  of  data  protection  —  a  vaultiike  combination  of  a  built-in 
security  chip  and  sophisticated  data  encryption  software?  In  fact,  it’s 
so  advanced,  it  actually  makes  data  unreadable  if  tampered  with. 
And  only  IBM  offers  PCs  with  this  level  of  security  as  a  standard  feature. 


IBM  ThinkPad  R50e 

Ultimate  Value 

Distinctive  IBM  Innovations: 

•  IBM  Rescue  and  Recovery™  -  One-button 
recovery  and  restore  solution 

•  IBM  Access  Connections  -  switch  between 
wired  and  wireless  connections 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  725  (1 ,60GHz)2 

•  Intel®  PRO/Wireless  Network  Connections  802.1 1  b/g3 

•  Microsoft  Windows  XP  Professional" 

•15"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM5 

•  30GB  hard  drive6 

•  CD-RW/DVD-ROM  combo 

•  IBM  UltraConnect™  Antenna  for  increased 
signal  strength 

•  1-yr  system/battery  limited  warranty8 


Plus,  with  Intel®  Centrino™  Mobile  Technology  and  on-the-fly  folder 


encryption,  users  can  work  wherever  they  please,  knowing  that  their 


data  will  be  protected.  No  matter  who’s  lurking  around. 


Instead 


of  a  welcome  mat. 


Embedded  Security  Subsystem.  Only  on  a  ThinkPad. 

1  866  426-5918  ibm.com/shop/m562 


NavCode  1842HRU-M562 
THINK  EXPRESS  MODEL  PRICED  AT: 


$1,269* 


$45/mo  for  36  months 
SuccessLease  for  Small  Business19 

ServicePac®  Service  Upgrade:9 
3-yr  Depot  Repair  #30L91 92  $132 


IBM  ThinkPad  X40 

Our  thinnest  and  lightest 

Distinctive  IBM  Innovations: 

•  IBM  Embedded  Security  Subsystem  2.0 

•  IBM  Rescue  and  Recovery™  - 
One-button  recovery  and  restore  solution 

System  Features: 

•  Intel®  Centrino™  Mobile  Technology 

•  Intel®  Pentium®  M  Processor  ULV  1.10GHz 

•  Intel®  PRO/Wireless  Network  Connection  802.11  b/g 

•  Microsoft  Windows  XP  Professional 
•12.1"  XGA  TFT  display  (1024x768) 

•  256MB  DDR  SDRAM 

•  20GB  hard  drive 

•  Integrated  Gigabit  Ethernet  and  modem 

•  Legendary  IBM  full-size  keyboard10 

•  Only  .94“  thin11 

•  2.7-lb  travel  weight12 

•  1-yr  system/battery  limited  warranty8 


NavCode  2386A4U-M562 

THINK  EXPRESS  MODEL  PRICED  AT: 


$1,499* 


$53/mo  for  36  months 
SuccessLease  for  Small  Business 


the  depot  repair  center.  Calls  must  be  received  by  5pm  local  time  in  order  to  qualify  for  Next  Business  Day  service.  (10)  Full-size  keyboard:  As  defined  by  ISO/IEC  15412.  (11)  Thinness:  may  vary  at  certain  points  on  the  system  (12)  Travel  weight:  includes  battery  and 
optional  travel  bezel  instead  of  standard  optical  drive  in  Ultrabay  bay.  If  applicable:  weight  may  vary  due  to  vendor  components,  manufacturing  process  and  options.  (19)  SuccessLease:  SuccessLease  program,  rates  and  terms  are  provided  by  third-party  financiers 
approved  by  IBM  Global  Financing  to  credit-qualified  business  customers  installing  in  the  U.S.  Featured  monthly  lease  payments  based  on  prespecified  end-of-lease  purchase  option;  documentation  fee  and  first  month's  payment  due  at  lease  signing:  taxes  are  additional 
Options  cannot  be  leased  separately.  IBM  and  IBM  Global  Financing  reserve  the  right  to  alter  product  offerings,  specifications  or  financing  terms  at  any  time,  without  notice.  Trademarks:  The  following  are  trademarks  or  registered  trademarks  of  IBM  Corporation:  IBM, 
the  IBM  logo,  Rapid  Restore,  Rescue  and  Recovery,  ThinkPad,  Ultrabay,  UltraConnect  and  UltraNav.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation.  Intel.  Intel  Xeon,  Intel  Inside,  Intel  Inside  logo,  Intel  Centrino,  Intel  Centrino  logo,  Intel 
SpeedStep  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks  of  other  companies  ©  2004  IBM  Corporation 
All  rights  reserved. 

Visit  www.lbm.com/pc/itlecomputing  periodically  for  the  latest  information  on  safe  and  effective  computing. 
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ITbased  operations  research  builds 
better  supply  chains  at  Procter  & 
Gamble.  By  Gary  H.  Anthes 


www.computerworld.com 


Operations  research,  the 

application  of  modeling 
and  mathematics  to  busi¬ 
ness  problems,  had  had  a 
checkered  history  at  The 
Procter  &  Gamble  Co. 
since  it  was  first  tried  in 
1968.  That  all  changed  in  1993,  when 
P&G  hit  a  financial  home  run  using  the 
process  and  operations  research  (OR) 
leapt  to  prominence  at  the  company. 

In  the  early  1990s,  the  maker  of  Pam¬ 
pers  diapers,  Pert  shampoo,  Pringles 
potato  chips  and  nearly  300  other  con¬ 
sumer  products  decided  to  look  broad¬ 
ly  and  deeply  into  its  entire  North 
American  manufacturing  and  distribu¬ 
tion  network,  and  it  tapped  two  IT 
staffers  to  join  a  team  charged  with  re¬ 
ducing  supply  chain  costs  and  improv¬ 
ing  efficiency.  The  project  team  devel¬ 
oped  computer  models  that  pointed  the 
way  to  a  supply  chain  restructuring  that 
would  consolidate  P&G’s  North  Ameri¬ 
can  plants  by  20%  and  lower  supply 
chain  costs  by  $200  million  a  year. 

“That  project  planted  a  seed,”  recalls 
Glenn  Wegryn,  one  of  the  analysts  on 
the  project  and  now  associate  director 
of  P&G’s  17-person  OR  group,  known 
as  IT  Global  Analytics.  “It  really  was  a 
wake-up  call  about  the  capability  you 
could  provide  by  using  OR  tools  tied  to 
a  deep  understanding  of  how  P&G’s 
operations  worked.” 

While  many  companies  put  OR  in 
their  engineering  or  research  depart¬ 
ments,  P&G  put  its  OR  group  in  its  IT 
shop,  “IT  is  one  of  the  very  few  organi¬ 
zations  within  a  company  that  has  true 
end-to-end  visibility  into  all  the  opera¬ 
tions  of  the  company,”  says  Wegryn. 
“Part  of  our  success  is  that  we  are  a 
crossover  capability;  we  have  as  much 
business  knowledge  as  we  do  knowl¬ 
edge  of  our  instruments  and  tools.” 

Wegryn’s  group  works  on  some  100 
projects  a  year  and  has  worked  in 
every  P&G  product  category  and  geo¬ 
graphic  region.  Most,  but  not  all,  of  the 
problems  considered  by  Global  Ana¬ 
lytics  can  be  thought  of  as  supply 
chain  questions:  How  many  plants 
should  there  be  for  this  new  product, 
and  where?  Where  should  distribution 
centers  be  located?  What’s  the  opti¬ 
mum  transportation  network?  How 
can  we  deliver  faster  and  better  to 
these  particular  customers? 

Global  Analytics  has  no  fixed  annual 
budget;  instead,  it  must  find  internal 
clients  willing  to  fund  its  services.  We¬ 
gryn  is  guarded  about  the  financial  re-  - 
suits  of  individual  projects,  but  he  will 
say  that  he  aims  to  save  P&G  10  times 
his  group’s  salary  costs  on  OR  projects. 
“We  far  exceed  that  goal,”  he  adds. 
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P&G  applies  IT-assisted  analytic 
techniques  in  three  broad  areas.  First, 
it  uses  optimization  models  to  deter¬ 
mine  how  best  to  allocate  supply  chain 
resources,  most  often  on  the  basis  of 
net  present  value. 

Second,  simulation  models  allow 
P&G  to  mathematically  try  out  various 
options  to  see  how  they  might  play  out 
over  time,  and  to  test  the  sensitivity  of 
results  to  changes  in  key  variables.  Sim¬ 
ulation  and  optimization  models  are  of¬ 
ten  used  together.  An  optimization 
model  may  point  to  an  option  that  is 
further  evaluated  and  tweaked  by  simu¬ 
lating  how  a  supply  chain  would  behave 
under  that  option  and  how  stable  it  is. 

“We’ve  found  that  the  success  of  a 
supply  chain  is  not  necessarily  operat¬ 
ing  at  the  absolute  optimal  solution,  but 
operating  at  one  of  the  more  robust  so¬ 
lutions  in  the  real  world,”  says  David 
Dittmann,  a  Global  Analytics  manager. 

Third,  the  company  uses  decision 
analysis,  which  involves  the  use  of 
techniques  such  as  decision  trees  that 
combine  the  probabilities  of  various 
outcomes  and  their  financial  results. 

Levels  of  Complexity 

P&G’s  models  are  implemented  in  sev¬ 
eral  ways,  depending  on  the  complexi¬ 
ty  of  the  problem.  Some  are  written  in 
Microsoft  Excel,  which  is  often  pushed 
way  beyond  the  capabilities  of  simple 
spreadsheets  by  commercially  avail¬ 
able  add-ons.  For  example,  P&G  some¬ 
times  uses  What’sBest  from  Lindo  Sys¬ 
tems  Inc.  in  Chicago  to  build  large- 
scale  optimization  models  within  a 
spreadsheet.  Another  favorite  is  Pre- 
cisonTree,  a  tool  for  building  decision 
trees  inside  spreadsheets,  from  Pal¬ 
isade  Corp.  in  Newfield,  N.Y. 

P&G  also  uses  stand-alone  OR  pack¬ 
ages,  such  as  Xpress-MP  from  Dash  Op¬ 
timization  Inc.  in  Englewood  Cliffs,  N.J., 
and  Cplex  from  Hog  Inc.  in  Mountain 
View,  Calif.,  which  are  for  constructing 
optimization  models.  It  uses  Extend 
from  San  Jose-based  Imagine  That  Inc. 
for  building  simulation  models.  Ditt¬ 
mann  says  some  of  the  packages  require 
programming  —  coding  rules  to  define 
objectives  and  constraints,  for  example. 

While  the  models  are  developed  by 
Dittmann  and  others  in  Global  Analyt¬ 
ics,  the  data  is  maintained  and  served 
up  by  traditional  IT  resources.  Most  of 
the  information  comes  out  of  a  25TB 
Oracle  data  warehouse  called  Source- 
One,  which  contains  36  months  of  sup¬ 
plier,  manufacturing,  customer  and 
consumer  histories  by  region. 

But  it  would  be  a  mistake  to  give  all 
the  credit  for  the  success  of  OR  at  P&G 
to  higher  math  and  clever  algorithms 
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churning  through  terabytes  of  informa¬ 
tion.  “What’s  really  the  key  to  OR  is 
not  just  the  technical  side;  it’s  also  the 
very  deep  understanding  of  how  a 
business  operates,”  Wegryn  says. 

Indeed,  the  OR  people  at  P&G  say 
their  skills  as  business  consultants  can 
make  all  the  difference.  Joel  Kahn,  a 
section  manager  in  Global  Analytics, 
says  he  helps  his  internal  customers 
move  their  problems  “from  the  gut  to 
the  head.”  He  often  begins  OR  projects 
by  asking  his  customers  these  ques¬ 
tions:  What  are  you  trying  to  decide? 
On  what  measure  will  you  base  a  deci¬ 
sion?  What  are  the  options?  What’s 
bothering  you,  and  what’s  uncertain? 

Kahn  helps  users  answer  those  ques¬ 
tions  in  a  meeting  that  typically  lasts  a 
day  or  less.  A  six-month  project  to  de¬ 
velop  and  run  sophisticated  models  may 


come  next,  but  not  always.  Says  Kahn, 
“About  one  out  of  five  or  six  times,  peo¬ 
ple  say,  ‘Now  I  understand  it.  I  don’t 
need  to  do  any  more  analysis.  I  didn’t 
realize  my  options  were  so  simple.’  ” 

Jean  Kinney,  a  purchasing  manager 
at  P&G,  tells  of  the  launch  of  a  new 
global  health  care  product  whose  suc¬ 
cess  hinged  on  the  careful  choice  of 
plant  locations  and  sources  of  raw  ma¬ 
terials.  “It  was  extremely  complicated, 
and  there  were  literally  millions  and 
millions  of  possibilities,”  she  recalls. 

“If  you  went  to  the  managers  in  the 
countries  that  would  be  marketing  this 
product,  they’d  all  say,  ‘Well,  the  plant 
should  be  located  in  my  country.’  But  if 
you  talked  to  some  of  the  corporate  ex¬ 
perts,  they’d  say,  ‘But  scale  is  important. 
You  should  build  one  big  megaplant 
somewhere.’  And  there  were  millions  of 
options  in  between.  So  how  do  you 
come  up  with  the  best  approach?  Mod¬ 
eling  techniques  allowed  us  to  do  that.” 

To  help  Kinney  solve  the  problem, 
Global  Analytics  constructed  Excel- 
based  models  using  Lindo’s  What’sBest 
for  optimization  and  the  Palisade’s 
@Risk  add-on  module  for  Monte  Carlo 
simulation,  in  which  values  for  uncer¬ 
tain  variables  are  randomly  generated. 
The  models  sought  to  maximize  net 
present  value  and,  for  each  country, 
considered  manufacturing  costs,  freight 
costs,  taxes,  import/export  duties,  local 
wage  rates,  cost  of  capital  and  more. 


“At  the  beginning  of  the  project,  I 
asked  all  the  team  members  to  write 
down  where  [they  thought]  we  would 
end  up  —  how  many  plants,  and  where 
would  they  be  located,”  Kinney  says. 
“No  one  came  close.” 

Michael  Policastro  is  director  of  cus¬ 
tomer  service  and  logistics  for  P&G 
Global  Beauty  Care,  and  he  says  he  has 
not  one  supply  chain  to  worry  about 
but  hundreds  —  combinations  of  sup¬ 
pliers,  manufacturing  facilities  and 
markets.  “And  if  you  multiply  that  by  10 
or  15  new  initiatives  or  product  launch¬ 
es  a  year,  it  quickly  mushrooms  into  a 
hugely  complex  work  process  to  design 
all  those  supply  chains,”  he  says.  “Then 
there’s  the  range  of  options  open  to  you 
[in  each]  supply  chain,  so  you  leverage 
IT  to  help  you  with  that  process.” 

P&G  has  dozens  of  beauty  care 
products,  each  coming  in  multiple 
sizes  and  package  designs.  Change  is 
constant,  and  the  tiniest  modification 
can  ripple  through  the  supply  chain.  “A 
simple  cap  change  may,  for  example, 
only  be  sourced  from  a  Chinese  suppli¬ 
er,  and  now  I’ve  added  60  days  to  my 
supply  chain  time,”  Policastro  says. 
“What  does  that  do  to  inventory  levels, 
service  levels,  costs  and  so  on?” 

The  complexity  of  his  supply  chains 
and  the  consequent  need  for  automat¬ 
ed  OR  techniques  will  only  grow,  says 
Policastro,  as  P&G  increasingly  tries  to 
address  the  needs  of  each  of  the  retail¬ 
ers  it  works  with,  as  well  as  the  needs 
of  different  groups  of  consumers.  “A 
Wal-Mart  hair-care  shopper  may  not 
have  the  same  needs  as  a  Target  shop¬ 
per,”  he  says.  “We  are  now  going 
through  customer  and  channel  differ¬ 
entiation  and  are  marrying  that  with 
greater  consumer  insights. 

“Having  worked  with  Global  Analyt¬ 
ics  for  a  couple  of  years,  I  think  they 
embody  the  term  IT  —  information 
technology  —  very  well  in  the  sense 
that  they  couple  not  just  the  technolo¬ 
gy  of  analytics,  modeling  and  options 
analysis  with  information,  but  also 
with  the  knowledge  of  key  supply 
chain  information  such  as  import  du¬ 
ties,  the  latest  tariff  regulations,  trends 
in  labor  costs,  and  P&G  manufacturing 
principles,”  Policastro  says. 

He  says  it’s  good  that  Global  Analytics 
must  fund  itself  by  finding  paying  cus¬ 
tomers  inside  the  company.  That  way, 
he  explains,  “their  survival  depends  on 
the  quality  of  their  services.”  ©  52126 


OPERATIONS  RESEARCH  TECHNIQUES 
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Operations  Research:  It’s  Not  Just 
For  Supply  Chains  Anymore 


MOST  APPLICATIONS  of  OR  at  P&G  are 

in  manufacturing  and  distribution,  where 
processes  are  well  defined  and  where  small 
changes  can  sometimes  have  big  financial 
impacts.  But  the  company  has  applied  OR 
in  softer  areas  as  well. 

For  example,  P&G  recently  used  predictive 
modeling  to  help  human  resources  managers 
understand  the  impact  of  a  rapid  increase  in 
the  number  of  midlevel  managers  in  the 
company's  7,000-person  research  and  de¬ 
velopment  group.  In  that  case,  Global  Analyt¬ 
ics  constructed  a  model  based  on  a  tank- 
flow  analogy,  with  pipes,  valves  and  tanks 
representing  the  flow  of  people  from  position 
to  position  based  on  hiring,  promotions  and 
attrition.  A  probability  model  built  in  Excel 
simulated  the  flow  of  people  through  the 
organization  and  allowed  users  to  test  the 
effects  of  alternate  personnel  policies. 

Brenda  Stephens,  a  senior  HR  manager 
for  R&D,  says  the  model  revealed  that  P&G 
would  have  to  slow  the  rate  of  promotions 
into  the  midlevel  employment  band  in  order 


to  keep  everything  in  balance. 

Glen  Schmidt,  a  professor  of  operations 
and  information  management  at  Georgetown 
University,  says  P&G  is  noteworthy  in  its  use 
of  OR  not  just  in  operational  areas,  such  as  in¬ 
ventory  control,  but  in  marketing,  human  re¬ 
sources  and  other  less  traditional  areas.  "One 
of  their  strengths  is  that  they  apply  OR  in  many 
ways  in  a  nice,  broad  portfolio  of  applications,” 
he  says.  P&G’s  use  of  OR  is  also  noteworthy 
in  its  inclusion  of  outside  companies  -  sup¬ 
pliers  and  customers  -  in  its  models. 

Schmidt  was  chairman  of  a  committee  of 
the  Institute  for  Operations  Research  and 
the  Management  Sciences,  or  Informs,  that 
awarded  P&G  the  2004  Informs  Prize  for  its 
“integration  of  OR  principles  into  the  deci¬ 
sion-making  structure  of  the  firm." 

Stephens  says  she’ll  run  the  HR  model 
periodically.  It  will  help  her  make  decisions  to 
deal  with  problems,  such  as  the  retirement  of 
an  aging  workforce,  long  before  they  occur. 
“It’s  a  very  powerful  tool,”  she  says. 

-  GaryH.  Anthes 
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Bayesian  Lode 
And  Filters 

[DEFINITION 

Bayesian  logic  is  a  type  of  statistical  analysis  that 
can  quantify  an  uncertain  outcome  by  determin¬ 
ing  its  probability  of  occurrence  using  previously 
known,  related  data.  Bayesian  filters  are  used  in 
spam-control  software  because  they  can  adapt 
over  time  using  new  data. 


BY  RUSSELL  KAY 

ome  say  that  if  you 
can’t  measure  some¬ 
thing,  you’re  not  doing 
science.  Bayesian  logic 
offers  a  way  to  measure  things 
that  were  previously  unmea¬ 
surable,  allowing  us  to  test  hy¬ 
potheses  and  predictions  and 
thereby  refine  our  conclusions 
and  decisions.  Bayesian  filter¬ 
ing  is  a  hot  topic  in  the  area  of 
spam  control  today. 

Basic  probability  is  simple 
to  calculate,  because  you’re 
dealing  with  a  limited  number 
of  factors  and  possibilities. 
Let’s  consider  a  horse  race 
with  10  horses  entered. 

If  that’s  the  only  infor¬ 
mation  we  have  on 
which  to  base  a  wager, 
then  we  could  pick  any 
horse  on  the  basis  that 
its  chance  of  winning 
is  1  in  10,  or  0.10.  Take  that 
kind  of  math  to  the  track,  how¬ 
ever,  and  you’ll  quickly  be  sep¬ 
arated  from  the  contents  of 
your  wallet.  The  real  world  is 
far  more  complicated,  and 
here’s  where  Bayesian  logic 
comes  into  the  picture. 

In  fact,  each  of  the  10  horses 
has  already  run  at  least  a  few 
races  and  therefore  has  a  his¬ 
tory.  If  Lightning  has  won 
every  race  he  has  entered,  and 


Thunder  has  lost  every  one  he 
has  entered,  then  we’ve  got  a 
real  evidential  basis  on  which 
to  bet  on  Lightning  instead  of 
on  Thunder. 

In  fact,  there’s  a  lot  more 
information  available  about 
every  horse  in  the  race.  We 
know  or  can  easily  find  out 
the  following: 

Lineage:  Is  this  horse  the  off¬ 
spring  of  a  champion?  How 
have  his  brothers  and  sisters 
performed? 

Performance  under  different 
weather  conditions:  If  it  rains  in 
the  morning  and  the  track  is 
soft,  how  does  that  affect  his 
speed? 

Position  on  the  track: 

Is  our  horse  next  to  the 
rail  or  on  the  outside? 
And  how  does  the 
horse  react  when  he’s 
in  that  position? 

Length  of  time  since  last  race:  If 
the  horse  ran  a  long,  hard  race 
yesterday,  how  well  is  he  like¬ 
ly  to  run  today? 

Distance  of  today’s  race:  How 
has  the  horse  fared  at  this  dis¬ 
tance  in  the  past? 

Other  people’s  betting  pat¬ 
terns  also  come  into  play. 

They  don’t  affect  how  well  a 
horse  will  perform,  but  they 
have  a  clear  impact  on  the  size 
of  the  payoff  if  he  does  win. 


All  of  this  information  can 
help  us  make  a  better  estimate 
of  our  horse’s  chance  of  win¬ 
ning  than  the  simplistic  1  out 
of  10.  Analyzing  these  factors 
is  a  Bayesian  process. 

Similar  things  are  happen¬ 
ing  in  the  world  of  Major 
League  Baseball  —  ever  the 
province  of  voluminous  statis¬ 
tical  records.  Team  owners 
and  general  managers  are 
using  Bayesian  analysis  when 
they  study  the  way  players 
perform  under  various  condi¬ 
tions  and  in  specific  situations 
and  factor  that  information 
into  their  decisions  about  the 
players  they  want  to  draft  or 
seek  in  trades. 

Bayesian  Antispam 

The  application  of  Bayesian 
logic  to  the  spam  problem  got 
its  start  in  Paul  Graham’s  2002 
paper  “A  Plan  for  Spam”  (www. 
paulgraham.com/spam.html ), 
an  approach  that  was  soon 
adopted  by  numerous  devel¬ 
opers.  Bayesian  spam  filtering 
is  based  on  the  notion  that  the 
presence  of  certain  words  will 
indicate  spam,  while  other 
words  will  identify  a  message 
as  legitimate.  It  has  that  in 
common  with  other  types  of 
scoring-content-based  filters, 
but  with  the  added  advantage 


that  Bayesian  filters  create 
their  own  lists  of  telltale 
words  and  characteristics 
rather  than  working  from  lists 
created  manually. 

A  Bayesian  filter  starts  by 
examining  one  set  of  e-mails 
known  to  be  spam  and  another 
set  known  to  be  legitimate 
(the  prior  knowledge).  It  com¬ 
pares  the  contents  for  both 
sets  —  not  just  the  message 
body,  but  also  header  informa¬ 
tion  and  metadata,  word  pairs 
and  phrases,  and  even  HTML 
code  for  information  such  as 
the  use  of  specific  colors. 

From  this,  it  builds  a  database 
of  words,  or  tokens,  with 
which  it  can  usefully  identify 
future  e-mails  as  spam  or  not. 

Bayesian  filters  take  into  ac¬ 
count  the  whole  context  of  a 
message.  For  example,  many 
spam  messages  contain  the 
word  free  in  the  subject  line, 
but  so  too  do  some  legitimate 
messages.  A  Bayesian  filter 
notes  this  word  but  also  looks 
at  other  tokens  in  the  message, 
because  falsely  identifying  a 
real  message  as  spam  (called  a 
false  positive)  causes  more 
problems  than  letting  some 
spam  through  as  legitimate. 

According  to  proponents, 
less  than  1%  of  the  messages 
identified  as  spam  by  Bayesian 
filters  are  false  positives. 

The  Bayesian  spam  filter’s 
real  power,  however,  lies  in  its 
ability  to  learn:  As  the  user 
tags  new  messages,  the  filter 
updates  its  database  to  identi¬ 
fy  new  patterns  of  spam. 

O  52153 
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Bayes  and 
His  Theorem 


Rev.  Thomas  Bayes  (1702- 
1761),  an  English  clergyman,  is 
credited  as  the  author  of  “An 
Essay  Towards  Solving  a  Prob¬ 
lem  in  the  Doctrine  of  Chances.” 
Published  posthumously  in 
1763,  the  paper  set  out  what  we 
now  call  Bayes’  Theorem,  a  for¬ 
mula  for  estimating  the  proba¬ 
bility  that  something  will  occur 
based  on  the  likelihood  of  relat¬ 
ed  but  independent  events.  3  use 
the  term  event  here,  but  we  can 
understand  it  to  signify  the  truth 
of  a  statement  or  proposition, 
such  as  determining  whether  a 
particular  message  is  spam. 

Before  setting  out  the  equa¬ 
tion,  let’s  establish  some  nota¬ 
tion  conventions  from  statistics. 
The  expression  p(A)  refers  to 
the  probability  that  event  A  will 
occur.  When  we  say  p(A|B), 
this  stands  for  “the  probability 
that  event  A  will  happen,  given 
that  event  B  has  already  hap¬ 
pened.”  With  that  notation, 
here  is  Bayes’  Theorem: 


P(A|B)  =  [  p(B|A)  p(A)]/p(B: 


I  suspect  that  most  readers 
won't  find  this  equation  espe¬ 
cially  helpful,  and  I’m  not 
about  to  attempt  mathematical 
derivation;  the  statisticians  al¬ 
ready  know  it.  But  it  does  show 
that  Bayesian  analysis  is  based 
on  calculations  that  make  use 
of  prior  knowledge. 

For  a  much  more  thorough 
explanation,  read  Eliezer  Yud- 
kowsky’s  clear,  detailed,  step- 
by-step  online  tutorial,  “An  In¬ 
tuitive  Explanation  of  Bayesian 
Reasoning:  Bayes’  Theorem  for 
the  curious  and  bewildered;  an 
excruciatingly  gentle  introduc¬ 
tion”  (http://yudkowsky.net/ 
bayes/bayes.html ).  It’s  long  - 
you  should  set  aside  at  least  a 
half  hour  to  study  it -but  be  pa-  . 
tient,  and  when  you’re  finished, 
you’ll  have  a  good  understand¬ 
ing  of  things  Bayesian. 

-Russell  Kay 
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Profiles  in  Business  Mobility  Deploying  Your  Team 


Enable  better  teamwork, 
wherever  your  team  needs  to  work. 


y  ’  Is  Business  can  happen  anytime,  ^ 


0  anywhere.  And  with  Nokia, 
you’ll  have  the  advanced 

p  Nokia  6820  Messaging  Device 

messaging  devices  and  secure  mobile  connectivity 
offerings  you  need  to  make  sure  your  team  arrives  fully 
connected— and  ready  to  work.  So  whether  you’re  deploying 
a  team  for  a  big  presentation,  setting  up  a  remote  office, 
or  visiting  a  customer,  Nokia  mobility  solutions  ensure  that  your 
team  can  hit  the  ground  running.  I”” 
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Learn  more  about  applying  a  mobility 
strategy  to  your  business.  Download  the 
‘Small  Change,  Big  Impact”  white  paper  at 

nokiaforbusiness.com 
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Keeping  Wireless 
fiogues  in  Check 


After  months  of  testing  and  taking  budget 
constraints  into  consideration,  our  security 
manager  comes  up  with  a  wireless  policy. 
By  Mathias  Thurman 


finally  settled  on  a  strat¬ 
egy  for  wireless  security. 

As  wireless  access  points 
began  appearing  on  our 
company’s  network,  we  config¬ 
ured  them  with  Cisco’s  Light¬ 
weight  Extensible  Access  Pro¬ 
tocol.  (See  my  Nov.  8  column, 
“Taking  the  Leap  to  PEAP  for 
Wireless,”  QuickLink  50430.) 
LEAP  forces  users  to  authenti¬ 
cate  to  the  access 
point  with  their  enter¬ 
prise  credentials  — 
the  same  credentials 
used  for  virtual  pri¬ 
vate  network  access, 
as  well  as  services 
such  as  payroll  and 
Microsoft  Exchange  e-mail. 
That’s  because  we  use  a  cen¬ 
tralized  directory  that  ties  into 
most  of  our  core  applications 
and  lets  employees  use  a  single 
password  to  sign  on. 

Although  LEAP  works  well, 
we  didn’t  want  to  take  the 
chance  that  those  enterprise 
credentials  would  become 
compromised  if  someone 
hacked  the  wireless  infra¬ 
structure.  So  I  decided  to  use 
Protected  Extensible  Access 
Protocol  (PEAP)  with  RSA 
SecurlD  token  authentication. 
This  combination  requires  a 
wireless  user  to  enter  his  user 
identity  and  his  SecurlD  to¬ 
ken,  which  is  a  personal  iden¬ 
tification  number  followed 
by  a  dynamic  number  that 
changes  every  60  seconds. 
This  way,  even  if  PEAP  is 
compromised  to  the  extent 
that  the  user  ID  is  obtained, 
the  hacker  would  still  need  a 
SecurlD  token  to  gain  access. 

As  I  noted  in  November,  we 
had  to  do  extensive  testing  of 
this  setup.  Our  current  corpo¬ 
rate  standard  is  to  issue  Dell 


laptops  with  the  TruMobile 
client  installed.  Our  testing 
showed  that  the  TruMobile 
client  works  well  with  PEAP, 
SecurlD  and  the  Cisco  access 
points.  Our  small  contingent 
of  Linux  users  will  need  a 
third-party  client  such  as 
Aegis  from  Portsmouth,  N.H.- 
based  Meetinghouse  Data 
Communications,  which  sup¬ 
ports  Linux  and 
PEAP. 

Another  issue 
is  capacity,  since 
there’s  a  limit  to 
how  many  clients 
can  associate  to  a 
single  access  point. 
Until  we  beef  up  our  infra¬ 
structure,  the  plan  is  to  re¬ 
strict  wireless  access  to  users 
who  demonstrate  a  business 
need.  Once  a  user  obtains 
management  approval,  we’ll 
send  him  a  SecurlD  token 
with  instructions  on  how  to 
configure  his  client. 

With  the  PEAP/SecurlD 
portion  of  our  wireless  policy 
in  place,  I  turned  my  attention 
to  evaluating  and  experiment¬ 
ing  with  various  technologies 
for  detecting  rogue  access 
points.  My  decision  had  to  be 
based  on  several  factors,  the 


Because  the 
company  operates 
worldwide,  I  decided 
to  take  both  a  wireless 
and  wired  approach 
to  rogue  access- 
point  detection. 


first  being  money.  Unfortu¬ 
nately,  my  company  is  trying 
to  conserve  resources,  and 
there  just  isn’t  enough  money 
to  outfit  every  remote  office 
with  wireless  sensors. 

Because  the  company  oper¬ 
ates  worldwide,  I  decided  to 
take  both  wireless  and  wired 
approaches  to  rogue  access- 
point  detection. 

On  the  wireless  side,  we 
wanted  to  stick  with  Cisco. 
That  wasn’t  because  it  has 
best-of-breed  wireless  sen¬ 
sors,  but  because  we  already 
have  a  relationship  with  Cisco 
and  are  already  managing 
dozens  of  Cisco  access  points. 
We  also  believe  that  Cisco  will 
eventually  provide  the  type  of 
functionality  we’re  really 
looking  for.  In  addition,  if  we 
use  Cisco  access  points  for 
rogue  access-point  detection, 
there’s  always  the  option  of 
converting  those  devices  back 
to  access  points. 

Enterprise  Searching 

But  we  have  remote  offices 
where  we  can’t  deploy  wire¬ 
less  sensors,  and  we  still  want 
to  be  able  to  discover  the  pres¬ 
ence  of  wireless  access  points 
on  the  wired  ne  twork.  On  an 
enterprise  level,  this  can  be 
accomplished  in  two  ways. 

The  first  is  to  assess  every 
switch  port’s  media  access 
control  address  in  order  to 
find  the  wireless  vendors’  IDs 
(the  first  three  octets  of  the 
MAC  address).  This  isn’t  fool¬ 
proof,  however,  since  some 
wireless  vendors  also  make 
wired  equipment. 

For  example,  Cisco  makes 
both  network  hardware  and 
wireless  access  points.  If  we 
come  across  a  MAC  address 
for  what  looks  like  a  Cisco  de¬ 
vice,  we  could  have  a  false 
positive  for  a  wireless  device. 

Another  problem  with  this 
method  is  that  we  might  not 
have  access  to  every  switch  in 
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our  infrastructure.  In  our 
company,  some  of  the  engi¬ 
neering  departments  manage 
their  own  network  gear. 

The  second  way  to  detect 
wireless  access  points  on  the 
wired  enterprise  network  is  to 
scan  every  IP  address  and  at¬ 
tempt  to  identify  access  points 
by  the  responses  we  get.  If  you 
know  the  signature  of  an  ac¬ 
cess  point,  you’ll  know  when 
your  probing  has  hit  on  one. 
The  problem  is  knowing  those 
signatures.  It  would  be  fairly 
simple  to  write  scripts  that 
would  allow  our  Nessus  scan¬ 
ning  infrastructure  to  look  for 
wireless  signatures,  but  since 
each  vendor  could  have  its 
own  fingerprint,  we’d  have  to 
purchase  every  vendor’s  ac¬ 
cess  points  and  run  tests  to  get 
a  proper  fingerprint.  Unfortu¬ 
nately,  we  just  don’t  have  the 
resources  to  tackle  that  task. 

But  we  do  have  the  re¬ 
sources  to  turn  to  San  Mateo, 
Calif.-based  AirWave  Wireless 
Inc.  Beyond  its  vendor-inde¬ 
pendent,  centralized  wireless 
management  tool,  AirWave 
has  done  all  the  legwork  and 
fingerprinted  more  than  40 
wireless  access  points.  It  then 
built  a  tool,  called  RAPIDS, 
that,  among  other  features, 
scans  the  network  for  those 
fingerprints.  By  conducting 
some  correlation  with  the 
MAC  address  scanning  (which 
AirWave  can  also  accomplish), 
we  can  determine  whether  a 
device  that’s  been  pinpointed 
by  RAPIDS  is  rogue  and  then 
trace  it  back  to  the  switch  port 
to  which  it’s  attached. 

All  of  this  isn’t  a  100%  fix 
for  keeping  rogue  access 
points  in  check,  but  I  feel 
that  the  combined  wired/ 
wireless  approach  will  be 
about  90%  effective.  Over  the 
course  of  the  next  several 
months,  we’ll  deploy  this  tech¬ 
nology  and  I’ll  be  able  to  re¬ 
port  back  meaningful  results.  0 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real  securi¬ 
ty  manager,  “Mathias  Thurman,"  whose 
name  and  employer  have  been  disguised  for 
obvious  reasons.  Contact  him  at  mathias_ 
thurman@yahoo.com,  or  join  the  discussion 
in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

O  computerworld.com/secjournal 
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Security  Bookshelf 

■  Gray  Hat  Hacking:  The  Ethi¬ 
cal  Hacker’s  Handbook,^ 
Shon  Harris,  Allen 
Harper,  Chris  Eagle, 

Jonathan  Ness  and 
Michael  Lester  (Mc¬ 
Graw-Hill  Osborne 
Media,  2004). 

Security  professionals 
should  keep  current 
with  hacking  tools  and 
techniques  in  order  to  prevent 
attacks  and  assess  vulnerabili¬ 
ties.  This  up-to-date  handbook 
offers  information  about  topics 
ranging  from  the  use  of  Etter- 
cap  and  the  writing  and  debug¬ 
ging  of  exploit  code  to  explana¬ 
tions  of  tools  such  as  Core  Im¬ 
pact  and  Immunity  Security 
Canvas.  Questions  test  the 
reader’s  understanding  of 
each  chapter.  Although  I'd  like 
more  on  certain  subjects,  such 
as  writing  Linux  shell  code,  the 
most  important  aspects  of 
each  topic  are  well  covered. 


AOLAimsto 
Secure  Surfing 

America  Online  Inc.  next  week 
plans  to  release  the  first  public 
beta  of  a  browser  designed  to 
protect  users  from  scams  and 
malicious  code  while  surfing 
the  Web.  With  a  frequently  up¬ 
dated  blacklist  of  Web  sites 
stored  on  the  user’s  PC,  Net¬ 
scape  8  will  alert  users  with  a 
red  check  mark  in  the  browser 
tab  to  sites  associated  with 
phishing  or  the  distribution  of 
spyware  or  other  malicious 
code.  Netscape  8  is  based  on 
Moziila  Firefox  but  also  sup¬ 
ports  Microsoft’s  Internet  Ex¬ 
plorer  browser  engine. 


Spyware  on  Rise 

The  most  malicious  forms  of 
spyware  increased  dramati¬ 
cally  in  the  last  three  months 
of  2004,  according  to  the 
SpyAudit  report  from  Earth- 
Link  Inc.  and  Webroot  Soft¬ 
ware  Inc.  From  October  to  De¬ 
cember,  the  instances  of  sys¬ 
tem  monitors  rose  230%, 
while  the  instances  of  Trojan 
horses  rose  114%. 
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ManageSoft  Offers 
Mac  OS  X  Support 

■  ManageSoft  Corp.  in  Boston  has 
begun  providing  support  for  Apple 
Computer  lnc.’s  Mac  OS  X  operat¬ 
ing  system.  The  ManageSoft  sys¬ 
tem  is  used  for  automatic  deploy¬ 
ment,  updating  and  management 
of  software  and  security  patches. 
Support  for  Mac  OS  X  allows  cus¬ 
tomers  with  heterogeneous  envi¬ 
ronments  to  use  a  single  system 
to  manage  their  desktops,  servers 
and  handheld  devices,  the  compa¬ 
ny  said.  The  product  is  priced  at 
$72  per  device. 


Optinuity  Ships  Ops 
Management  App 

■  Optinuity  Inc.  in  Bethesda,  Md., 
is  shipping  C20,  an  operations 
process  management  system.  It 
will  improve  the  control,  speed 
and  reliability  of  application- 
support  activities  by  automating 
administrative  and  problem-reso¬ 
lution  tasks  normally  handled  by 
operations  personnel,  according 
to  the  company.  Pricing  for  C20 
starts  at  $150,000  for  a  multi- 
server  application  environment. 


Dell  Introduces 
Business  Notebooks 

■  Dell  Inc.  last  week  announced 
three  business  notebook  comput¬ 
ers.  The  D410  weighs  3.83  lbs., 
has  an  optional  nine-cell  extended 
battery  and  sells  for  $1,677,  the 
company  said.  The  4.67-lb.  D610 
starts  at  $1,384.  The  D810  fea¬ 
tures  a  15.4-in.  wide-aspect  dis¬ 
play  and  128MB  of  dedicated 
memory  for  graphics.  It  weights 
6.49  lbs.  and  sells  for  $1,549. 


HP  ‘Latch’  Could 
Replace  Transistors 

■  Hewlett-Packard  Co.  research¬ 
ers  last  week  said  they  have  de¬ 
veloped  a  nanometer-size  technol¬ 
ogy  that  may  one  day  replace  the 
transistor  and  shrink  the  size  of 
computers.  Called  the  “crossbar 
latch,”  it  can  perform  functions 
now  handled  by  larger  transistors. 


JIAN  ZHEN 


IT’S  ESTIMATED  that  over  50%  —  some  say  80% 
—  of  all  large  IT  projects  fail.  The  reasons  for 
that  startling  failure  rate  aren’t  mysterious.  Too 
many  companies  make  the  same  mistakes  too 
many  times.  I’ve  identified  five  of  the  most  com¬ 
mon  causes  for  failure.  I’ve  also  come  up  with  some 
questions  your  organization  should  answer  before  it 
starts  a  project,  to  boost  the  chance  of  success. 


1.  The  project’s  real  value 
isn’t  understood.  When  cal¬ 
culating  ROI,  be  sure  to 
have  a  clear  understanding 
of  the  total  cost  of  owner¬ 
ship.  Without  a  concrete 
TCO,  the  ROI  figures  are 
meaningless. 

Understanding  the  vari¬ 
ous  ROI  metrics,  acknowl¬ 
edging  that  these  are  fuzzy 
metrics  and  clearly  defin¬ 
ing  what  the  organization 
expects  from  a  successful 
implementation  will  produce  a  clear 
view  of  the  project’s  value. 

2.  You  don’t  know  your  users.  Who  are 
the  main  users  of  the  technology 
you’re  implementing?  Are  they  busi¬ 
ness  users  or  technical  users,  power 
users  or  casual  users? 

Business  users  are  usually  from 
marketing,  finance  and  other  nontech¬ 
nical  groups  in  the  organization.  They 
want  to  see  summaries,  dashboards, 
charts,  graphs  and  other  reports  that 
enable  them  to  spot  trends. 

Technical  users  are  usually  from  IT, 
security  and  other  operations  groups. 
These  are  the  ones  who  want  all  the 
nitty-gritty  details.  They  want  to  drill 
down  and  diagnose  problems.  They 
perform  the  root-cause  analysis  when 
things  go  wrong. 

Power  users  want  sophisticated  in¬ 
terfaces  and  flexibility.  They  generally 
use  the  system  three  or  four  times  a 
week  or  even  every  day,  and  they  can 
be  anywhere  in  the  organization,  in¬ 
cluding  marketing  and  finance. 

Casual  users  are  on  the  system  once 


a  week  or  less.  They  may 
not  even  log  on  at  all  and 
prefer  to  receive  reports 
via  e-mail. 

3.  Requirements  aren’t  clear¬ 
ly  understood.  The  only  way 
to  identify  real  require¬ 
ments  is  to  talk  to  potential 
users  and  get  the  answers 
to  these  questions:  Are 
your  requirements  based 
on  regulations,  operational 
problems,  performance,  ca¬ 
pacity  optimization  or 
trend  analysis? 

Do  you  have  platform  requirements 
—  Windows?  Linux?  Java?  .Net?  How 
about  requirements  to  integrate  with 
corporate  infrastructure? 

What’s  your  requirement  on  perfor¬ 
mance?  Scalability?  Extensibility? 
Manageability?  Usability?  Security? 

Before  evaluating  any  technology, 
answer  those  questions  in  detail.  Don’t 
choose  a  product  or  create  unreason¬ 
able  requirements  because  of  brand 
loyalty  or  FOE  (friends  of  executives). 

4.  You’ve  limited  your  options.  Too  often, 
companies  decide  that  only  a  commer¬ 
cial  product  will  meet  their  require¬ 
ments,  before  all  the  options  have 
been  evaluated. 

Before  you  jump  to  a  commercial 
solution,  you  should  evaluate  your  re¬ 
sources  and  skills  within  your  own  or¬ 
ganization  and  see  if  you  can  or  should 
go  open-source.  There  are  many  fac¬ 
tors  to  consider  when  choosing  among 
the  commercial,  open-source  or  home¬ 
grown  options. 

Do  you  have  the  resources  (head 
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has  been  in  the  informa¬ 
tion  security  industry  for 
nine  years.  He  can  be 
reached  jkitrustpath.com. 


count)  to  support  whatever  option  you 
choose?  Commercial  products  may 
save  you  some  development  time  and 
head  count,  but  you  may  get  faster  fea¬ 
ture  updates  if  you  have  dedicated  de¬ 
velopers  for  a  homegrown  system. 

Do  your  engineers  have  the  neces¬ 
sary  skills  to  maintain  an  open-source 
product  or  develop  a  homegrown  so¬ 
lution?  This  really  goes  back  to  your 
requirements. 

Even  if  you  have  the  resources  and 
skills  within  your  organization,  can 
you  spare  the  time  from  other  projects? 
What’s  your  budget?  It  will  vary  based 
on  the  executive  sponsor,  the  project’s 
scale,  its  urgency  and  other  factors. 

Knowing  your  requirements  will 
allow  you  to  find  the  right  option  to 
meet  them. 

5.  You  don’t  have  a  clear  understanding  of 
the  products  available.  Many  of  the  IT 
products  out  there  are  strong  in  some 
areas  and  weak  in  others.  Many  ven¬ 
dors  will  tell  you  that  they  are  strong 
in  all  areas.  If  they  tell  you  that,  run 
away  as  fast  as  you  can. 

Tell  the  vendors  about  your  require¬ 
ments.  Ask  them  to  rate  how  well  each 
of  their  products  meets  your  require¬ 
ments.  Ask  for  an  evaluation.  Ask 
them  how  their  software/hardware 
compares  with  that  of  their  competi¬ 
tors.  Ask  them  to  share  their  product 
road  map.  Ask  about  the  support 
structure. 

Never  buy  a  product  without  actual¬ 
ly  using  it.  There’s  no  way  to  tell 
whether  it  meets  your  requirements 
by  looking  at  PowerPoint  slides. 

Try  to  be  open-minded.  There  are 
no  100%  solutions.  Prioritizing  your 
requirements  will  help  you  determine 
which  system  best  fits  your  company. 

Spending  some  time  upfront  will 
help  you  avoid  these  common  prob¬ 
lems  and  allow  you  to  meet  your  real 
requirements.  O  52318 
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“Kyocera’s  advanced  technology  makes  network 
administration,  updating,  and  training  a  snap.” 

Common  driver,  common  interface  makes  business  simple  and  increases 
productivity.  And  NetView™  software  gives  you  one  tool  to  manage 
everything.  If  you’re  looking  for  the  best  in  class  printers,  copiers, 

MFPs,  and  network  solutions,  look  to  Kyocera  for  an 
exceptional  solution. 
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IT  MENTOR 

So  You  Want  to  Be  a  CIO? 

CIO  John  Parker  of  A.G.  Edwards 
offers  a  career  blueprint  for  IT 
professionals  with  their  eyes  on 
the  top  spot.  Page  37 


Think  Tank 

Many  U.S.  Web  sites  fail  to  provide  Spanish- 
language  content  for  the  fast-growing  His¬ 
panic  online  population;  and  a  new  book  says 
competitive  advantage  will  come  from  figur¬ 
ing  out  the  right  mix  of  machines  and  people 
to  improve  customer  service.  Page  36 


OPINION 

Workplace  Obligations 

Trying  to  relate  to  your  boss  can  tear 
you  up  and  tucker  you  out  without 
accomplishing  much.  Paul  Glen 
suggests  a  simpler  way  to  figure  out 
your  responsibilities  at  work.  Page  39 


it’s  tempting  to  hire 
your  next  IT 
manager  from  the 
crowded  job  market, 
but  there’s  also 
value  in  building 
management  skills 
the  old-fashioned 

way.  BY  MARY  K.  PRATT 

JOYCE  L.  YOUNG  is 

adding  three  new  man¬ 
ager  positions  to  her 
50-person  IT  group. 

She  wants  to  fill  the 
new  slots  by  March.  It’s 
a  tight  schedule,  but 
Young  has  a  plan:  Pro¬ 
mote  from  within. 

“I  know  I  have  to  go  outside  for  cer¬ 
tain  technical  expertise  I  don’t  have 
inside,  but  I  really  try  to  look  internally 
if  I  can,”  says  Young,  the  Chicago- 
based  CIO  at  CP  Kelco,  a  J.M.  Huber 
Corp.  company. 

As  the  list  of  required  skills  for  tech¬ 
nology  and  management  jobs  grows, 
CIOs  like  Young  must  decide  whether 
to  “build”  or  “buy”  managers.  Each 
strategy  comes  with  its  own  benefits 
and  drawbacks,  so  CIOs  should  weigh 
time  requirements,  organizational 
needs  and  even  retention  plans  when 
deciding  which  way  to  go. 

“There’s  no  black-and-white  answer. 
It’s  very  situational,”  says  Robert 
Rosen,  president  of  Share  Inc.,  a 
Chicago-based  nonprofit  organization 
of  IBM  users. 

Leading  CIOs,  recruiters  and  em¬ 
ployment  experts  agree  that  whether 
to  build  or  buy  shouldn’t  be  viewed  as 
an  either-or  question.  In  fact,  they  say, 
the  best  solution  for  any  organization 
is  one  that  includes  both  tactics. 

“It’s  a  mixed  strategy,”  says  Bruce  J. 
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MOST¬ 

VALUED 

Skills 
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When  Pittsburgh-area  IT  executives  recently 
gathered  to  discuss  their  hiring  needs,  it 
took  a  while  for  anyone  to  begin  talking 
about  the  technical  expertise  they  wanted. 

In  fact,  “for  the  first  15  minutes  of  the 
conversation,  not  one  mentioned  an  IT 
skill,”  says  Jared  Roberts,  managing  di¬ 
rector  of  the  IT  industry  network  at  the 
Pittsburgh  Technology  Council. 

Members  of  the  IT  Workforce  Board  in¬ 
stead  said  they  want  people  who  can 
work  on  teams,  learn  quickly  and  adjust  to 
changing  situations.  They  want  people 
who  understand  business. 

“The  IT  leader  has  to  invariably  deliver 
solutions  that  add  measurable  business 
value.  If  not,  then  the  business  discounts 
them,”  says  Steve  Kendrick,  president  of 
Kendrick  Executive  Resources. 

Business  know-how  tops  most  lists. 
“A  good  grasp  of  business  and  attention 
to  business  details  are  more  important  to¬ 
day  than  in  the  past,”  says  Stephen  Pick¬ 
ett,  president-elect  of  the  Society  for  In¬ 
formation  Management  (SIM)  in  Chicago 
and  vice  president  and  CIO  at  Penske 
Corp.  in  Bloomfield  Hills,  Mich. 

The  ability  to  talk  money  is  another 
high  priority.  IT  managers  need  a  greater 
understanding  of  costs,  budgets  and  fi¬ 
nancial  management  issues,  says  Diane 
Moreilo,  an  analyst  at  Gartner  Inc.  in 
Stamford,  Conn.  They  need  to  know  about 
cost  analysis  and  return  on  investment. 
“Most  businesses  tend  to  speak  the  lan¬ 
guage  of  money,  and  most  IT  people  tend 
to  be  outside  that  circle,”  she  says. 


That  leads  to  a  third  skill:  the  ability 
to  communicate.  IT  managers  need  to 
talk  to  business  people,  including  those 
who  sit  on  the  board  of  directors.  And 
they  have  to  do  so  in  everyday  language, 
not  technical  jargon.  “You  really  need  to 
have  the  oral  and  written  skills  to  get  your 
ideas  across,”  says  David  Luce,  president 
of  SIM  and  CIO  at  Rockefeller  Group  In¬ 
ternational  Inc.  in  New  York. 

IT  managers  need  to  learn  how  to 
manage  in  new  ways,  as  companies  ex¬ 
pect  them  to  work  more  often  with  other 
business  divisions  and  across  geographic 
distances.  They’ll  also  have  to  know  how 
to  motivate  people  working  halfway  around 
the  world.  “Skills  around  building  employ¬ 
ee  commitment  and  motivation  are  big 
time,"  says  Louise  Axon,  senior  vice  presi¬ 
dent  of  leadership  development  at  The 

f  Forum  Corp.,  a  Boston-based  manage¬ 
ment  consultant  and  training  company. 

In  this  age  of  offshoring  and  interna¬ 
tional  business,  global  experience  can 
give  a  manager  a  significant  edge.  Kate 
M.  Kaiser,  associate  professor  of  IT  at 
Marquette  University  in  Milwaukee,  says 
foreign-language  skills,  specifically  Man¬ 
darin  Chinese  or  Russian,  are  also  helpful, 
as  is  global  political  awareness. 

But  none  of  this  trumps  the  need 
to  stay  ahead  of  technology.  Umesh 
Ramakrishnan,  the  Cleveland-based  vice 
chairman  of  executive  search  firm  Christ¬ 
ian  &  Timbers,  says  IT  managers  need 
strategic  vision  and  insight  more  than 
ever.  “The  worst  thing  a  CIO  can  do  is  im¬ 
plement  a  strategy  that  has  to  be  changed 
again  in  24  months,"  he  says. 

Two  other  highly  desired  skills  -  leader¬ 
ship  and  the  ability  to  learn  will  help  IT 
managers  tie  all  those  other  talents  to¬ 
gether.  “To  me,  the  No.  1  capability  has 
got  to  be  leadership.  I  think  that's  the 
most  transferable  of  all  of  the  skills  they’re 
going  to  have  to  have,”  says  Bart  Bolton, 
an  Upton.  Mass.-based  facilitator  for  life¬ 
time  learning  and  the  facilitator  for  SIM's 
Northeast  Regional  Leadership  Forum. 
“Leadership  is  the  kingpin." 

-  Mary  K  Pratt 


Goodman,  CIO  at  Humana  Inc.  in 
Louisville,  Ky.  “You  want  a  team  that 
has  a  lot  of  A  players.  And  you  have  to 
identify  and  recruit  A  players  wher¬ 
ever  they  are.” 

Goodman  says  companies  that  build 
management  skills  in-house  are  build¬ 
ing  loyalty  and  capitalizing  on  institu¬ 
tional  knowledge,  too. 

He  remembers  one  IT  staffer  who 
showed  aptitude  for  leading  others. 
Goodman  put  him  in  charge  of  the 
company’s  help  desk,  where,  after  some 
additional  training,  he  proved  his  abili¬ 
ty  to  run  a  team  and  get  things  done.  “If 
we  hadn’t  done  that,”  Goodman  says, 
“he  might  not  have  stayed  around.” 

Statistics  support  that  assertion. 
“There’s  a  lot  of  bang  for  the  buck 
growing  them  from  within,”  says  Bev¬ 
erly  Kaye,  founder  and  CEO  of  Career 
Systems  International  Inc.  in  Scranton, 
Pa.,  and  co-author  of  Love  ’Em  or  Lose 
’Em:  Getting  Good  People  to  Stay,  Third 
Edition  (Berrett-Koehler,  2005). 

Kaye’s  recent  survey  of  more  than 
1,000  IT  workers  at  all  levels  found 
that  exciting  work  and  challenges, 
along  with  career 
growth,  learning  and 
development,  are 
among  the  top  fac¬ 
tors  that  keep  work¬ 
ers  with  their  current 
employers. 

Barbara  Kunkel, 

CIO  at  Rochester, 

N.Y.-based  law  firm 
Nixon  Peabody  LLP, 
says  building  skills 
among  existing 
workers  has  helped 
her  create  loyal  staff 
members  who  feel 
passionate  about 
their  work. 

“People  become  proud  of  what  they 
do.  You  can’t  buy  that.  And  you  can’t 
get  it  overnight,”  she  says.  “And  I  need 
consistent,  passionate  people  who  can 
move  this  organization  forward.”  Of 
Kunkel’s  five  direct  reports,  one  has 
been  with  the  firm  for  29  years;  two 
others  have  been  there  for  nearly  10. 

Retaining  Knowledge 

Building  a  management  team  from  in¬ 
ternal  staff  doesn’t  just  breed  loyalty, 
however.  The  process  also  guarantees 
what  Rosen  calls  “corporate  memory” 
—  the  knowledge  of  where  things  are, 
how  things  work  together  and  the  un¬ 
official  ways  projects  get  done. 

He  remembers  working  at  one  com¬ 
pany  that  hired  a  CIO  who  brought  in 
new  managers.  Those  managers  then 
undertook  initiatives  that  had  previ¬ 


ously  failed  at  the  company.  “There 
were  a  lot  of  false  starts  done  by  the 
new  people,”  Rosen  recalls. 

Bringing  new  people  on  board  can 
cost  tens  of  thousands  of  dollars  in 
headhunter  and  relocation  fees,  not  to 
mention  the  costs  of  disruption  in  the 
office,  experts  say.  But  training  existing 
staffers  to  move  into  management  po¬ 
sitions  can  be  expensive  too. 

Young  once  worked  at  an  engineer¬ 
ing  company  that  put  a  premium  on 
employee  retention.  So  when  Young 
had  to  fill  two  IT  management  posi¬ 
tions,  she  promoted  workers  who  had 
spent  their  careers  in  the  company’s 
business  division.  She  sent  them  to 
Northwestern  University’s  18-month 
executive  program  to  earn  master’s  de¬ 
grees  in  IT.  The  cost?  Nearly  $100,000. 

Outside  Advantages 

CIOs  and  other  employment  experts 
are  hard-pressed  to  come  up  with  stud¬ 
ies  and  comparisons  between  the  costs 
of  building  or  buying  management 
skills.  Data  about  the  return  on  invest¬ 
ment  for  each  scenario  is  slim,  they 

say,  and  most  infor¬ 
mation  is  anecdotal. 

For  example, 
Goodman  uses  com¬ 
panywide  matrices 
to  estimate  costs.  He 
says  training  and  de¬ 
velopment  amounts 
to  about  2%  of  the 
payroll  budget, 
while  the  cost  to 
hire  workers  runs 
just  under  2%. 

With  those  costs 
about  even,  Good¬ 
man  turns  to  the 
other  benefits  that 
come  from  external  hires.  For  example, 
they  can  bring  necessary  skills  or 
knowledge  to  an  organization  that 
doesn’t  have  time  to  build  them  inter¬ 
nally,  he  says. 

Others  say  hiring  new  IT  managers 
can  also  infuse  an  organization  with 
new  ideas,  innovative  approaches  and 
experience  in  markets  or  processes 
new  to  the  company. 

Companies  that  want  to  upgrade  the 
level  of  leadership  in  a  particular  role 
might  also  have  more  success  if  they 
hire  from  the  market,  says  Steve  Ken¬ 
drick,  president  of  Kendrick  Executive 
Resources  Inc.,  an  IT  executive  search 
firm  in  Dallas.  In  addition,  companies 
looking  for  significant  change  in  proc¬ 
esses  or  strategies  will  likely  have  more 
success  doing  so  if  they  seek  manage¬ 
ment  from  the  outside,  he  says. 

Even  those  who  prefer  to  build  man¬ 


agement  skills  internally  readily  ac¬ 
knowledge  these  benefits.  Ellen  Barry, 
CIO  at  the  Metropolitan  Pier  and  Ex¬ 
position  Authority  in  Chicago,  says  she 
puts  a  high  priority  on  training  her 
most  talented  people  and  encouraging 
them  “to  grow  into  the  professionals 
they  want  to  become.” 

On  the  other  hand,  Barry  says  she 
can’t  always  wait  for  that  to  happen. 
Sometimes  you  need  to  bring  in  new 
talent  to  get  the  skills  that  you  don’t 
have  and  can’t  rapidly  build,  she  says. 


Barry  has  had  to  make  the  tough  call 
of  not  promoting  people  who  weren’t 
quite  ready  for  management.  In  those 
cases,  she  hired  experienced,  qualified 
managers  from  the  marketplace.  Then 
she  worked  with  the  internal  candi¬ 
dates  to  make  sure  they  were  ready  the 
next  time  a  manager’s  slot  opened  up. 
©  52104 


Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  at 
marykpratt@verizon.net. 


It’s  a  mixed 
strategy. 
You  want  a 
team  that  has  a  lot 
of  A  players.  And 
you  have  to  identify 
and  recruit  A  players 
wherever  they  are. 
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-  BRUCE  J.  GOODMAN, 
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Get  Ready  for  the 
Hispanic  Nation 

You’ve  heard  the  stats:  The  fast-growing 
Hispanic  population  in  the  U.S.  is 
43.5  million  strong,  and  12.6  million 
Latinos  are  already  online.  Hispanics 
have  about  $575  billion  worth  of  spend¬ 
ing  power  and  in  two  generations  will 
make  up  nearly  a  quarter  of 
the  workforce. 

Are  your  systems  ready? 

Your  interactive  voice  re¬ 
sponse  systems  need  to 
have  a  Spanish-language 
option,  your  call  centers 
should  have  Spanish-speak¬ 
ing  agents,  and  your  Web 
site  needs  a  clear  link  to 


content  in  Spanish. 

But  only  19%  of  Fortune  100  compa¬ 
nies  offer  Spanish-language  content  on 
their  U.S.  Web  sites,  according  to  re¬ 
ports  by  Ron  Rogowski,  an  analyst  at 
Forrester  Research  Inc.  And  even  Web 
sites  that  do  offer  some  Spanish  text  fall 
down  when  it  comes  to  allowing  actual 
financial  transactions  in  Spanish  or  op¬ 
timizing  their  search  engines  for  Span¬ 


ish  queries,  Rogowski  says. 

But  some  companies  are  getting  the 
message.  Verizon  Communications  Inc. 
places  its  Spanish  link  prominently  at 
the  top  of  its  Web  page  and  encourages 
Spanish-speaking  call  center  agents  to 
promote  the  Spanish  Web  site.  H&R 
Block  Inc.  users  can  get  maps  and 
driving  directions  to  local  offices  with 
Spanish-speaking  advisers.  And  Home 
Depot  Inc.  even  remem¬ 
bered  to  put  its  privacy 
policy  in  Spanish. 

Among  state  govern¬ 
ments,  Texas  is  the  only 
one  to  provide  a  full-fledged 
Spanish-language  Web 
portal  for  constituents,  says 
Rogowski. 

-  Mitch  Betts 


Verizon  has  a  Spanish-language  Web  site. 


Best  Bits 


The  most  useful  parts  of  recent  business 
and  IT  management  books. 

THE  BOOK:  Best  Face  Forward:  Why  Com¬ 
panies  Must  Improve  Their  Service  Inter¬ 
faces  with  Customers,  by  Jeffrey  F.  Rayport  and 
Bernard  J.  Jaworski 
(Harvard  Business 
School  Press,  2005). 
Nicholas  Carr  would  love 
this:  a  book  that  says  real 
competitive  advantage 
will  come  from  superior 
“customer  service  inter¬ 
faces,"  not  technology. 
But  wait,  Nick!  The  au¬ 
thors  go  on  to  say  that  the  key  to  better  customer 
service  is  finding  the  right  combination  of  people 
and  machines  for  the  situation. 

Sometimes  people  are  dominant  on  the  front 
lines  (think  of  call  centers),  while  the  technology  is 
in  the  background  helping  them  work  smarter.  And 
sometimes  the  technology  is  in  the  foreground 
(think  of  airline  ticket  kiosks),  while  people  are 
available  as  a  backup  option  or  if  something  goes 
wrong.  The  people/machine  combo  could  be  as 
simple  as  roaming  clerks  who  use  handheld  com¬ 


puters  to  take  fast-food  orders  when  the  lines  get 
too  long,  or  it  could  be  as  complex  as  Wal-Mart’s 
inventory-replenishment  system.  “In  essence, 
Wal-Mart  is  a  [supply  chain]  machine  with  a  hu¬ 
man  face,"  the  authors  say.  Probably  the  most  use¬ 
ful  part  of  the  book  is  the  last  chapter,  which  pro¬ 
vides  an  “interface  audit”  -  a  scorecard  for  rating 
your  company’s  customer  service  interfaces  in 
terms  of  effectiveness  and  competitive  advantage. 

-Mitch  Betts 

Things  to  Ponder 

■  Privacy  already  tops  the  list  of  consumer  worries 
about  radio  frequency  identification  technology,  with 
69%  of  consumers  saying  they  are  somewhat  or 
very  concerned  about  companies  using  RFID  to 
monitor  transactions  and  purchasing  habits, 
according  to  a  December  2004  study  of  8,500 
consumers  by  Artafact  LLC  in  Fremont,  Calif., 
and  BigResearch  LLC  in  Worthington,  Ohio. 


■  Does  your  Web  analytics  software  depend  on 
cookies  for  tracking  customer  surfing  habits?  You 
may  need  to  rethink  that  business  model  now  that 
nearly  half  of  North  Americans  own  spyware  re¬ 
moval  software  and  regularly  delete  the  tracking 
cookies,  says  Bob  Chatham,  an  analyst  at  For¬ 
rester  Research  Inc. 


■  Companies  that  use  e-procurement  applications 
have  reduced  the  amount  of  maverick,  or  off-con¬ 
tract,  spending  by  an  average  of  64%,  according 
to  a  benchmarking  study  by  Aberdeen  Group  Inc. 
in  Boston,  ©  52121 


The  percentage  jf  IT  downtime  occurrences 
caused  by  the  following  problems: 


Hardware 

failure 

30% 


SOURCE:  IDC,  FRAMINGHAM.  MASS..  NOVEMBER  2004 


GOT  ANY  BRIGHT  IDEAS?  Send  them  to 
pitches@computerworld.com. 


MANAGEMENT 


Technical  and  business 
skills,  good  judgment  and 
good  timing  will  all  help,  but 
leadership  is  the  linchpin. 

BY  JOHN  PARKER 


An  IT  director  at  a  small  home 
health  care  organization  re¬ 
cently  asked  me  about  how 
best  to  achieve  his  goal  of  be¬ 
coming  a  CIO.  The  organization  was 
“getting  over  a  downsizing,”  and  he 
was  planning  on  leaving  to 
pursue  his  career.  I’ve  been 
giving  the  question  some 
thought,  and  here’s  how  I 
see  it. 

There  is  no  formula  for  becoming  a 
CIO.  To  land  the  job,  four  things  must 
happen.  There  has  to  be  opportunity 
(that  is,  an  open  position),  you  must 
be  in  the  candidate  pool,  you  must  dis¬ 
tinguish  yourself  from  other  candi¬ 


dates,  and  you  must  be  willing  to  take 
the  job. 

There  isn’t  much  you  can  do  to  cre¬ 
ate  opportunities,  nor  can  you  affect 
their  timing,  so  you  should  avoid  the 
temptation  to  try.  You  don’t  want  a 
reputation  as  an  oppor¬ 
tunist,  which  would  be  vir¬ 
tually  guaranteed  to  stall 
your  career  growth.  As  hard 
as  it  can  be,  you  must  be  patient. 

But  while  you’re  waiting,  prepare 
yourself  to  take  advantage  of  opportu¬ 
nities.  Decision-makers  are  typically 
looking  for  certain  personal  behaviors 
and  experiences  as  they  fill  open  posi¬ 
tions.  You  can  practice  those  behaviors 


5  and  pursue  jobs  that  create  the  ex- 
§  perience  that  will  help  you  to  stand 
£  out  from  the  crowd.  The  following 
8  thoughts  may  help  steer  you  toward 
your  goal. 

Become  an  outstanding  leader.  It  all  starts 
here.  There’s  a  big  difference  between 
management  and  leadership.  There  are 
a  lot  of  really  smart,  highly  technical 
managers  out  of  work  right  now.  But 
for  a  strong  leader  with  an  IT  back¬ 
ground  —  particularly  with  business 
experience  —  opportunity  not  only 
knocks  on  the  door,  it  almost  rips  the 
hinges  off. 

How  do  you  become  one?  You  can’t 
become  a  leader  by  reading  this  article 
or  a  book  on  leadership.  You  have  to 
live  it.  Establish  a  set  of  principles  to 
guide  you  through  tough  decisions, 
and  develop  the  courage  to  make 
those  decisions  and  accept  the  conse¬ 
quences.  Enhance  your  credibility  by 
developing  a  track  record  of  making 
and  meeting  commitments. 

Teams  voluntarily  follow  leaders 
because  of  their  innate  authority,  not 
their  formal  authority,  so  figure  out 
how  to  connect  with  your  team  on  an 
emotional  level.  Be  willing  to  tackle 
tough  problems,  make  hard  calls  and 
accept  stretch  goals.  You  and  your 
teams  will  occasionally  fail,  so  be  will¬ 
ing  to  accept  responsibility,  recover 
and  learn  from  your  mistakes. 

Be  aware  that  as  a  leader,  you  are 
onstage.  Your  teams  will  learn  how  to 
behave  from  your  example,  particular¬ 
ly  during  tough  times.  You  set  the  tone 
for  your  organization’s  culture  and  val¬ 
ues,  so  make  sure  you  model  the  be¬ 
haviors  you  want  to  see  in  your  people. 

Think  of  yourself  as  a  business  person. 

Good  CIOs  don’t  rim  technology 
shops;  they  run  businesses.  The  best 
serve  as  key  members  of  the  executive 
team  running  their  firm’s  core  busi¬ 
ness.  To  be  credible  within  the  IT 
group,  you  must  have  a  good  grasp  of 
technology,  and  you  will  be  most  effec¬ 
tive  if  you  have  actually  done  some  IT 
jobs.  The  same  is  true  with  the  busi¬ 
ness  community.  If  you  don’t  have  a 
business  background,  going  back  to 
school  for  an  MBA  will  help,  but  run¬ 
ning  with  the  business  units  will  be  at 
least  as  valuable.  Learn  their  language. 
Understand  their  strategies.  Figure 
out  what  they  are  worried  about  and 
where  they  see  opportunity,  then  de¬ 
velop  ways  to  use  technology  to  help 
them  out. 

Get  intimate  with  the  numbers.  The  lan¬ 
guage  of  business  is  money,  and  if  you 
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WHEN  OPPORTUNITY  KNOCKS 


MANY  AMBITIOUS  PEOPLE  jump  at 
the  first  “title”  they  can  get.  This  is  often 
a  mistake.  When  viewed  over  two  to 
three  decades,  your  career  will  turn  out 
much  better  if  you  look  for  opportunities 
that  allow  you  to  grow  and  add  value, 
rather  than  being  title-focused.  These 
ideas  will  help  you  stay  on  track; 

■  Pick  a  company  for  which  IT  is  critical. 

■  Look  for  projects  that  result  in  bottom- 
line  benefit. 

■  Be  willing  to  move  laterally,  not  just 
vertically,  to  work  on  those  projects. 

■  Realize  that  bigger  companies  will  likely 
grow  your  experience  faster  than  smaller 
companies.  A  midlevel  management  po¬ 
sition  in  a  large  company  should  provide 
more  opportunity  to  learn,  grow  and  lead 
than  a  CIO  position  at  a  small  company. 

■  Make  sure  you’re  going  to  something 
you  like,  not  running  away  from  some¬ 
thing  you  don’t.  It’s  during  hard  times 
that  strong  leadership  is  most  needed. 
The  best  opportunity  could  be  to  stay 
right  where  you  are  and  build  a  better 
future. 

«  3C»  (S3  <CB  MSB  KCS  Ml  »  OEJ  MSt  K»  MSJ  *33  *3  Mat  Kl 

■  Show  that  you  can  be  successful  in  a 
variety  of  settings,  by  building  a  base  of 
experience  in  several  areas  such  as  ap¬ 
plication  development,  vendor  manage¬ 
ment,  computer  operations  and,  ideally, 
some  business  functions. 

-John  Parker 


don’t  understand  how  money  is  made 
and  spent  in  your  company,  you  won’t 
make  it  to  the  CIO  level.  To  effectively 
communicate  with  your  CEO,  board  of 
directors,  executive  committee  and 
chief  financial  officer,  you  must  know 
what  drives  your  company’s  costs  and 
how  to  manage  them.  As  a  service  pro¬ 
vider  within  your  organization,  in  or¬ 
der  to  be  successful,  you’ll  need  to  un¬ 
derstand  not  only  the  IT  budget,  but 
also  every  business  unit’s  budget. 

Finally,  remember  the  old  adage,  “Be 
careful  what  you  wish  for,  because  you 
might  get  it.”  Becoming  a  CIO  can  be 
an  extremely  rewarding  opportunity 
for  the  person  who  is  ready.  But  some¬ 
one  who  hasn’t  prepared  himself  can 
feel  like  a  dog  who  finally  catches  that 
truck  he’s  been  chasing  —  only  to  get 
run  over  by  it.  Do  all  you  can  to  get 
ready  for  the  role,  and  then  enjoy.  I 
can  promise  you  it  won’t  be  boring. 
Good  luck.  ©  51985 


Parker  is  executive  vice  president  and 
CIO  at  A.G.  Edwards  &  Sons  Inc.  You  can 
contact  him  at  jparker@agedwards.com. 
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ASK  A  PREMIER  100  LEADER 


Jerry  Bartlett 


T!TLt  Vice 
president  of 
application 
development 
and  quality 
assurance 


Afll  COMPANY: 

illV  II  Ameritrade 
■  Holding 
Corp.,  Columbia,  Md. 

Bartlett  is  this  month’s  guest 
Premier  100  IT  Leader,  an¬ 
swering  readers’  questions 
about  QA  vs.  development 
work  and  finding  an  entry- 
level  job  in  IT.  If  you  have 
a  question  for  one  of  our 
Premier  100  IT  Leaders, 
send  it  to  aska!eader@ 
computerworld.com  and 
watch  for  this  column 
each  month. 


Is  there  more  of  an  opportunity  for 
career  growth  in  quality  assurance 
or  software  development?  What 
are  the  future  prospects  for  a  qual¬ 
ity  assurance  position?  I  will  make 
two  assumptions:  that  you  are  already  in 
the  technology  field  and  that  you  realize 
that  the  software  developer  and  quality 
assurance  engineer  roles  are  very  differ¬ 
ent.  in  fact,  I  believe  that  they  require 
very  different  characteristics.  I  urge  you 
to  consider  whether  you  have  a  passion 
for  one  role  or  the  other. 


!  I  believe  that  the  prospects  for  QA 
|  professionals  are  very  good.  According 
I  to  statistics  released  in  2002  by  the  Na- 
!  tional  Research  Council,  U.S.  companies 
i  spent  $175  billion  in  2001  to  repair  dam- 
j  age  caused  by  software  defects.  Com- 
!  panies  are  realizing  that  an  investment  in 
!  quality  assurance  will  have  a  measurable 
i  impact  on  the  bottom  line.  As  a  result,  I 
|  see  many  enlightened  companies  in- 
|  vesting  in  training  for  quality  assurance 
I  engineers,  in  tools  and  hardware  envi- 
i  ronments.  It’s  an  exciting  and  satisfying 
j  time  to  be  a  QA  professional. 

I 

I  I  just  graduated  with  my  bachelor’s 
i  degree  in  computer  engineering 
j  technology.  I  have  very  little  expe- 
j  rience  in  the  field.  Where  should  I 
!  go  to  have  the  best  chance  at  an 
|  entry-level  IT  job?  There  are  several 
|  approaches  to  take  when  seeking  your 
first  job  in  a  particular  field.  Many  uni¬ 
versities  offer  job  placement  counsel¬ 
ing,  since  they  are  familiar  with  the  pro- 
5  fessional  firms  in  the  area.  I’d  encour- 
j  age  you  to  explore  that  option. 

Second,  don’t  undersell  yourself  as 
j  you  craft  your  r6sum6  and  begin  the  in- 
I  terview  process.  Many  employers  are 
j  looking  for  intelligent  candidates  who 
j  have  shown  initiative  and  are  a  good  1 
!  with  the  culture.  Consider  how  to  lever- 
I  age  project  assignments  you’ve  done  as 
j  part  of  your  course  work.  Convey  the 
i  unique  qualities  that  will  make  you  a  like- 
•  ly  long-term  contributor  to  future  em- 
|  ployers.  And  finally,  network.  Talk  to 
!  friends  and  fellow  graduates,  and  attend 
j  job  fairs.  Most  employers  realize  that  the 
j  best  candidates  come  by  way  of  referrals 
i  from  their  current  employees.  O  51894 


& 


Job  Market  Roundup 


THE  STATE  OF  THE  IT  JOB 
MARKET  MAY  DEPEND  ON 
WHOM  YOU  ASK. 

As  the  new  year  began,  contradictory 
assessments  of  the  market  were  is¬ 
sued  from  various  quarters.  Most  were 
at  least  partially  positive  outlooks,  but 
that  hardly  added  up  to  unanimity. 

Janco  Associates  Inc.  in  Park  City, 
Utah,  last  month  released  its  2005 
Comparative  IT  Salary  Survey,  saying 
that  there  was  a  small  decrease  in  de¬ 
mand  for  technology  professionals  and 
a  drop  of  just  under  1%  in  mean  total 
compensation  during  the  last  six 
months  of  2004,  despite  renewed 
spending  in  many  segments  of  the 
market.  It  also  said  that  the  outsourc¬ 
ing  of  IT  jobs  continues  to  have  a  neg¬ 
ative  effect  on  the  U.S.  and  Canadian 
job  markets,  the  two  countries  covered 
in  the  study.  The  bright  spot  in  the 
study  concerned  CIOs,  especially 
those  at  large  companies;  their  mean 
compensation  rose  by  more  than  4% 
during  the  period  studied. 

Also  last  month,  staffing  firm  Hud¬ 
son  Global  Resources  reported  that  its 
index  of  job  confidence  among  IT 
workers  rose  by  6.9  points  in  Decem¬ 
ber  to  116.3,  an  increase  fueled  by 
workers’  belief  that  hiring  is  up  and  lay¬ 
offs  are  declining. 


IS  THAT  CONFIDENCE 
WELL-FOUNDED? 

The  U.S.  Department  of  Labor  report¬ 
ed  that  in  December,  the  U.S.  econo¬ 
my  added  9,700  payroll  jobs  in  the 
area  of  computer  systems  design  and 
related  services,  bringing  the  total  to 
1.16  million.  Jobs  in  this  field  have  been 


on  the  rise  since  April  and  are  up  by 
57,300  positions  since  December 
2003.  And  employment  services  firm 
Challenger,  Gray  &  Christmas  Inc.  said 
that  U.S.  companies  last  year  laid  off 
23%  fewer  workers  than  they  did  in 
2003  and  62%  fewer  than  in  2002. 
Nonetheless,  Challenger  also  found 
that  employment  in  the  high-tech  in¬ 
dustry  is  still  in  flux,  with  job  losses  in 
the  industry  totaling  176,113  in  2004 
and  accounting  for  17%  of  all  job  cuts. 


SO,  WHAT’S  INSTORE? 

One  forecast  comes  from  Robert  Half 
Technology.  Its  2005  Salary  Guide 
[QuickLink  51675]  predicts  that  aver¬ 
age  base  pay  for  IT  professionals  over¬ 
all  will  rise  0.5%  this  year.  But  certain 
positions  will  see  greater-than-average 
increases.  Leading  that  group  (see 
chart  below)  are  systems  auditors, 
whose  base  compensation  Robert  Half 
expects  to  increase  by  5.1%  in  2005, 
to  the  range  of  $63,250  to  $81,750 
annually.  Systems  auditors  assess  and 
document  the  capabilities  of  existing 
systems  in  advance  of  hardware  and 
software  upgrades,  and  demand  for 
them  is  being  driven  by  the  need  to 
comply  with  the  Sarbanes-Oxley  Act, 
the  Gramm-Leach-Bliley  Act  and  other 
regulations.  And  according  to  the 
Robert  Half  Technology  IT  Hiring  Index 
and  Skills  Report,  11%  of  executives 
polled  plan  to  add  IT  staff  early  this 
year,  while  2%  anticipate  cutbacks. 
The  net  9%  hiring  increase  is  up  three 
percentage  points  from  the  previous 
quarter’s  forecast  and  six  percentage 
points  from  the  year-earlier  projection. 

-  Jamie  Eckle 


Projec  1  Fastest-!  owin; 
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Systems  auditor 

2005  %  INCREASE  OVER  2004 

863,250-381,750 

Pre-  and  postsales  consultant 

853,500-878,250 

Programmer/analyst 

852,500-883,250 

Instructor/trainer 

843,250-865,500 

Network  security  administrator 

863,750-890,500  j 

Data  security  analyst 

S68, 250-893, 000 

Quality  assurance/testing  manager 

864,750-886,750 

Disaster  recovery  specialist 

860,500-S90,750 

Intemet/intranet  developer 

S51, 750-874,250 

Business  systems  analyst 

856,000-880,500 
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Outsourcing 

■  Feb  21-23,  San  Diego 
Sponsor:  Michael  F.  Corbett  & 
Associates  Ltd. 

Topics  at  the  2005  Outsourcing  World 
Summit  include  assessing  your  op¬ 
tions,  managing  and  governing  strate¬ 
gic  relationships,  selling  outsourcing, 
improving  enterprise  efficiency,  global 
sourcing,  launching  a  provider  compa¬ 
ny  and  win-win  strategic  partnerships. 
www.corbettassociates.com/ 
content/10/78/250/ 

Wharton  Event 

■  Feb.  25,  Philadelphia 
Sponsor:  Wharton  School, 
University  of  Pennsylvania 

Topics  of  the  2005  Wharton  Technology 
Conference  include  VoIP,  nanotechnolo¬ 
gies,  digital  media,  open-source  for  the 
consumer,  venture  capital  opportunities 
and  advice  for  technology  start-ups. 
www.whartontechconference.com 


ISO  9000 

■  Feb.  28-March  2,  Orlando 
Sponsor:  ISO  9000  Institute 

Topics  at  the  2005  International  Con¬ 
ference  on  ISO  9000  include  strate¬ 
gies  for  performance  and  profit;  Six 
Sigma  and  ISO  9001;  a  systems  ap¬ 
proach  to  planning,  measurement  and 
improvement;  and  tools  and  methods 
for  improving  quality  management. 
www.iso9000conference.com 


Metamorphosis  ’05 

■  March  1-3,  San  Francisco 
Sponsor:  Meta  Group  Inc. 

Tracks  in  this  16th  annual  forum  include 
sourcing,  applications,  mastering  regu¬ 
lations  and  standards,  measurement 
and  modeling,  risk  and  business  conti¬ 
nuity,  and  leadership  strategies. 
ww^^mpmi^biMiidD 


HR  Technology 

■  March  2-4,  Marina  del  Rey,  Calif. 
Sponsor  The  Conference  Board  Inc. 

The  Strategic  E-HR  Conference  in¬ 
cludes  presentations  on  using  technol¬ 
ogy  to  transform  human  resources  into 
a  strategic  function,  leveraging  em¬ 
ployee  portals,  and  virtual  systems  for 
career  development  and  coaching. 
www.conference-board.org/ 
conferences 


PAUL  GLEN 


Workplace 

Obligations 


WOULDN’T  IT  BE  NICE  if  every  boss 

came  with  a  standard  API? 

It  would  be  so  easy  to  look  at  the 
interface  specifications  and  know 
exactly  what  he  expected,  in  what 
format  he  expected  it,  when  you  should  deliver  it,  what 
predictable  events  would  result  from  your  input  and 


how  you  should  handle  er¬ 
ror  conditions.  All  the  poli¬ 
tics  would  go  away.  Those 
pesky  emotions  would  be¬ 
come  a  nonissue.  Success 
would  become  deterministic. 

Sadly,  it  will  never  be  so 
simple.  Every  boss-subordi¬ 
nate  connection  is  a  cus¬ 
tom  job.  This  is  both  the 
promise  and  the  pain  of 
workplace  relationships; 
they  are  cobbled  together 
not  of  hardware  or  soft¬ 
ware,  but  of  wetware  (the 
gray,  squishy  stuff  between 
our  ears). 

The  complaints  about 
this  are  endless  from  the 
subordinate  side.  “I  don’t 
know  what  he  wants,  and  he  won’t  tell 
me.”  “She  doesn’t  really  understand 
what  I  do,  so  she  can’t  tell  me  what  she 
expects.”  “He  tells  me  one  thing,  and 
then  when  I  give  it  to  him,  he  changes 
his  mind.”  “She  says  that  I  have  an  atti¬ 
tude  problem,  but  I  don’t  really  know 
what  that  means.” 

As  it  turns  out,  the  inability  to  forge 
easily  understandable,  straightforward, 
repeatable  relationships  is  just  as  frus¬ 
trating  for  bosses  as  it  is  for  subordi¬ 
nates.  Supervisors  would  love  to  be  able 
to  clearly  articulate  exactly  what  they 
expect  so  that  all  their  people  would 
understand.  Sadly,  many  managers  erro¬ 
neously  believe  that  they  have  clearly 
defined  and  communicated  their  expec¬ 


tations,  and  they  just  can’t 
figure  out  why  no  one  else 
seems  to  get  their  vision. 

I’ve  developed  a  rather 
simple  philosophy  of  boss- 
subordinate  relationships. 
Although  not  a  detailed 
specification,  it  has  served 
me  well  both  as  a  manager 
and  as  a  subordinate.  It 
comes  in  two  parts. 

Part  1.  A  subordinate 
owes  the  boss  and  the  or¬ 
ganization  three  simple 
things: 

■  Candor 

■  Loyalty 

■  Delivery 

That’s  it.  If  I  deliver  on 
all  three  of  those  things, 

I  can  look  myself  in  the  mirror  and 
feel  that  I’ve  fulfilled  my  part  of  the 
employment  bargain.  Let’s  take  a  quick 
look  at  each  one,  because  they  are 
deceptively  simple. 

Candor.  We  owe  the  boss  honest  opin¬ 
ions  about  important  things  on  the  job. 
As  knowledge  workers,  we  are  not 
hired  for  our  muscle  power;  we  are 
hired  for  our  brain  power,  so  we  owe  it 
to  the  boss  to  share  the  fruits  of  our 
thought.  That  doesn’t  mean  that  we 
blather  on  about  every  fleeting  neural 
discharge,  but  if  something  is  impor¬ 
tant,  we  need  to  share  our  perspective. 

Sometimes,  this  can  be  an  unpleasant 
obligation.  Disagreeing  with  the  boss 
is  not  always  fun.  Some  managers  are 


Paul  0LEN  is  an  IT  man¬ 
agement  consultant  in 
Los  Angeles  and  the  au¬ 
thor  of  the  award-winning 
book  Leading  Geeks: 
How  to  Manage  and  Lead 
the  People  Who  Deliver 
Technology  (Jossey-Bass 
Pfeiffer,  2003; 
www.  leading  geeks,  com) . 

He  can  be  reached  at 
info@c2-consulting.com. 


not  open  to  other  people’s  opinions. 
Some  are  too  insecure  to  accept  them. 
Some  believe  that  power  confers  wis¬ 
dom  and  that  they  don’t  need  to  listen 
to  anyone  else.  But  the  boss’s  recep¬ 
tiveness  doesn’t  affect  the  obligation. 
If  a  project  is  running  aground,  some¬ 
one  has  to  speak  up  before  it’s  too  late. 

Loyalty.  I’m  not  talking  about  the 
blind  fealty  of  a  medieval  vassal  to  his 
master,  but  rather  a  reasonable  mod¬ 
icum  of  this  uncommon  virtue. 

Ultimately,  part  of  every  manager’s 
job  is  to  make  decisions.  This  includes 
making  hard  choices  that  may  upset 
people.  If  a  manager  never  ticks  any¬ 
one  off,  he  is  probably  shirking  his  re¬ 
sponsibilities.  If  we  have  shared  our 
opinions  with  our  manager  and  he 
makes  a  decision  we  don’t  agree  with, 
we  are  obliged  to  get  over  it  and  im¬ 
plement  his  choice.  We  should  not 
spend  endless  hours  trying  to  change 
things  post  hoc  or,  worse,  trying  to 
secretly  undermine  the  decision. 

Of  course,  there  are  exceptions  to 
the  loyalty  rule.  If  what  the  boss  has 
asked  us  to  do  is  unethical,  illegal, 
dangerous  or  patently  self-serving, 
loyalty  ends  there. 

Delivery.  And  finally,  when  we 
promise  to  do  something,  we  do  it. 

Part  2.  Bosses  owe  their  subordinates 
three  simple  things  too: 

■  Candor 

■  Loyalty 

■  Delivery 

Although  not  a  detailed  API,  this 
simple  understanding  can  go  a  long 
way  toward  smoothing  relationships 
and  directing  successful  careers.  What 
we  owe  one  another  in  the  workplace 
may  be  vast,  but  in  some  ways  it  is 
quite  simple.  O  52033 
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U.S.  ARMY  WAR  COLLEGE  Seeks  Visiting  Professor  of  Instructional 
Design.  The  U.S.  Army  War  College  seeks  a  Visiting  Instructional 
Designer  for  the  academic  year  06-07.  The  successful  candidate  will  be 
hired  under  the  provisions  of  the  Intergovernmental  Personnel  Act  which 
governs  the  temporary  assignment  of  personnel  between  the  federal  gov¬ 
ernment  and  state  and  local  governments  and  institutions  of  higher  learn¬ 
ing.  The  selected  candidate  will  be  responsible  for  designing/developing 
innovative  case  studies,  simulations,  prototype  educational  applications 
and  curriculum  enhancement  tools.  Must  be  conversant  with  emerging 
educational  concepts  and  technology  and  act  as  an  advocate  and  prima¬ 
ry  researcher  for  educational  technologies  and  related  instructional 
methodologies.  Must  have  significant  experience  and  expertise  in  explor¬ 
ing  and  exploiting  educational  technology  to  enhance  education,  prefer¬ 
ably  at  the  graduate  or  undergraduate  level.  This  should  include  working 
knowledge  of  the  most  current  educational  technologies,  applications, 
and  related  instructional  methodologies.  Possess  demonstrated  ability  to 
prepare,  coordinate,  supervise,  teach,  and  lecture  on  subjects  relating  to 
educational  methodologies  and  technologies  in  order  to  provide  faculty 
development  and  student  training  or  education.  Demonstrate  ability  to 
manage  or  supervise  in  a  graduate  level  academic  program.  The  appli¬ 
cant  will  also  advise  Department  of  Distance  Education  faculty  on  the  inte¬ 
gration  of  new  technologies/methods  to  enhance  and  reinforce  student 
learning.  An  earned  doctorate  in  a  science  or  technology  field  of  study 
with  experience  in  professional  military  education  is  preferred  but  not 
required.  The  term  of  service  which  begins  1  August  05  is  for  one  year. 
Applicants  should  submit  a  letter  of  interest  to  Dr.  Clayton  Chun, 
Chairman,  Department  of  Distance  Education,  U.S.  Army  War  College, 
ATTN:  ATWC-ADE,  122  Forbes  Avenue,  Carlisle,  PA17013-5240  or  e- 
mail  to  clayton.chun@carlisle.army.mil.  For  full  consideration,  applica¬ 
tions  must  be  postmarked  by  1 5  March  05. 


Siebel  Systems,  Inc.  has 
employment  opportunity  in 
Sandy,  UT. 

Analyst  DBA:  Use  engineering 
technology  knowledge  for  large 
database  systems  to  support  the 
planning,  coordinating  and 
administering  of  computerized 
databases.  Apply  knowledge  of 
database  administration  and 
management  to  review  technical 
base  definition,  structure,  docu¬ 
mentation,  long  range  require¬ 
ments,  operational  guidelines, 
and  protection.  Ensure  the  tech¬ 
nical  accuracy  and  complete¬ 
ness  of  data  in  computer  master 
files  and  various  support  tolls 
such  as  base  dictionaries.  Use 
computer  engineering  knowl¬ 
edge  to  install  and  maintain 
security  and  integrity  tools  for 
large  databases.  Provide  techni¬ 
cal  assistance  on  informing  and 
updating  policies,  procedures 
and  standards  relating  to  data¬ 
base  management.  Applying 
knowledge  of  DB2  UDB,  SQL 
server  development  and  demon¬ 
strated  technical  skills  to  ana¬ 
lyze  issues  with  the  company's 
database  systems.  Req.  BS  in 
CS,  CE,  EE,  Math,  MIS, 
Physics,  Business  or  related 
field  with  2  years  experience  as 
Database  Administrator,  Data¬ 
base  Developer  or  Senior 
Consultant.  Apply  online  at 
http://www.siebel.com/adresum 
e  or  forward  your  resume  refer¬ 
encing  CP0105  to:  Siebel 
Systems,  Inc.  Attn:  Corporate 
Recruiting,  2207  Bridgepointe 
Parkway,  San  Mateo,  CA 
94404.  EEOE 


Thomson,  Inc.  is  seeking  a 
Hardware  Engineer,  Senior 
Member  of  Technical  Staff,  to 
design  and  develop  front  end  for 
Digital  Satellite  Receiver,  devel¬ 
op  front  end  solutions  using 
Zero  IF  tuner  ICs  for  digital 
satellite  receivers,  conduct  vari¬ 
ous  analysis  for  F-type  connec¬ 
tors  involving  S-parameter  mea¬ 
surements  for  impedance 
matching,  and  perform  several 
tolerance  and  supply  ripple 
analysis  related  to  the  design 
phase.  Must  have  a  Master's 
degree  or  equivalent  in  Elec¬ 
tronics,  Communications,  or 
Electrical  Engineering  plus  3 
years  of  progressive  experience 
in  electronics  and  communica¬ 
tions  engineering.  In  lieu  of 
Master's  degree  plus  3  years  of 
experience  as  described,  em¬ 
ployer  will  accept  a  Bachelor's 
degree  in  Electronics,  Commun¬ 
ications.  or  Electrical  Engineer¬ 
ing  plus  5  years  of  progressive 
experience  in  electronics  and 
communications  engineering. 
Salary  commensurate  with  ex¬ 
perience.  Please  send  cover  let¬ 
ter  and  resume  to:  HR  -  Job  # 
9000,  Thomson  Inc.,  10330  N. 
Meridian  St..  Indianapolis.  IN 
46290. 


DEVELOPMENT  TEAM 
SUPERVISOR 

Sensormatic  Electronics  Corpor¬ 
ation  has  an  opening  in  Boca 
Raton,  FL  for  a  Development 
Team  Supervisor. 

Responsible  for  day-to-day  acti¬ 
vities  of  a  team  providing  web¬ 
site  development  and  Internet 
application  development  ser¬ 
vices.  Act  as  key  contact  for  end 
users.  Lead  joint  application 
development  and  manage  out¬ 
sourced  development  relation¬ 
ship.  Coach,  teach,  train  and 
guide  the  team  in  all  phases  of 
the  development  process.  Help 
identify  and  evaluate  any  em¬ 
erging  technologies.  Work  with 
open  source  tools  and  technolo¬ 
gies. 

Must  possess  at  least  a  bache¬ 
lor's  or  its  equivalent  in  Comput¬ 
er  Science,  Electrical  Engineer¬ 
ing  or  a  related  field  and  relevant 
work  experience,  including  work 
experience  with  the  following: 
advanced  programming  con¬ 
cepts,  algorithms,  data  struc¬ 
tures  and  object  oriented  tech¬ 
niques;  code  debugging,  inte¬ 
gration  debugging,  application 
configuration  and  development 
environments;  open  source  tools 
and  technologies;  and  Resin, 
Apache,  Java  and  Linux. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  DTS/CJP  or  it  will  be 
rejected. 

Forward  resume  to  Nella 
Nabhan,  HR  Administrator -TFS 
HQ,  Tyco/Fire  &  Security,  One 
Town  Center  Road,  Boca  Raton, 
FL  33486-1010. 


Programmer  Analyst  - 
Coldfusion/Web  Developer 

Multiple  positions  available  to 
analyze  user  requirements,  pro¬ 
cedures,  and  problems  to  auto¬ 
mate  processing  &  improve 
existing  computer  system. 

Requirements:  Masters  degree 
in  Com.  Science,  Engineering  or 
related  field.  Must  possess  2 
yrs.  work  exp.  in  position  offered 
or  in  developing  and  analyzing 
Web  application  programs. 
Must  be  knowledgeable  &  profi¬ 
cient  with  Web  development 
technologies,  including  Cold¬ 
fusion,  Java  Script,  XML  and 
HTML.  Must  be  exp.  with  writing 
complex  SQL  queries  related  to 
database.  Must  be  exp.  with 
designing,  developing  &  deploy¬ 
ing  Internet  and/or  web-based 
technologies  and  software. 
Must  be  willing  to  travel  fre¬ 
quently  for  short/long  term 
assignments  at  client  sites. 
Replies  with  Ref.  Code 
CW2005cold  via  email  (nan- 
dan@cogentinfo.com),  or  mail 
(Nandan  Banerjee,  Cogent 
Infotech  Corp.,  2581  Wash¬ 
ington  Rd.,  Suite  232  B,  Pgh., 
PA  15241) 


SENIOR  BUSINESS 
SYSTEMS  ANALYST  (IT) 

Sensormatic  Electronics  Corpor¬ 
ation  has  an  opening  in  Boca 
Raton,  FL  for  a  Senior  Business 
Systems  Analyst  (IT). 

Work  with  customers  to  define 
business  requirements  to  bridge 
gap  b/tw  business  and  technolo¬ 
gy.  Coordinate  projects  through¬ 
out  the  life  cycle  to  ensure  the 
business  needs  are  met  without 
exceeding  constraints.  Work 
with  open  source  tools  and  tech¬ 
nologies.  Aid  in  the  creation  of 
proposals  by  identifying 
resources,  needs  and  availabili¬ 
ty  in  order  to  set  and  meet  the 
expectations  of  all  project  partic¬ 
ipants.  Perform  vendor/soft¬ 
ware/hardware  evaluations. 

Must  possess  at  least  a  bache¬ 
lor's  or  its  equivalent  in  Comput¬ 
er  Science,  Electrical  Engineer¬ 
ing  or  a  related  field  and  relevant 
work  experience,  including 
classroom  training  and/or  work 
experience  with  open  source 
tools  and  technologies,  Resin, 
Apache,  Java  and  Linux. 

Resume  and/or  cover  letter 
must  reflect  each  requirement 
above  and  specify  reference 
code  SBSA/VBG  or  it  will  be 
rejected. 

Forward  resume  to  Nella 
Nabhan,  HR  Administrator  -  TFS 
HQ,  Tyco/Fire  &  Security,  One 
Town  Center  Road,  Boca  Raton, 
FL  33486-1010. 


Programmer  Analyst  - 
Microstrategy 

Multiple  positions  available  to 
analyze  user  requirements,  pro¬ 
cedures,  &  problems  to  auto¬ 
mate  processing  &  improve 
existing  computer  system. 

Requirements:  Masters  degree 
in  Comp.  Science,  Engineering 
or  related  field.  Must  possess  2 
yrs.  work  exp.  in  position  offered 
or  in  developing  &  analyzing 
programs  related  to  database. 
Must  be  exp.  with  business  intel¬ 
ligence  reporting  tools,  including 
Microstrategy.  Must  be  exp.  in 
writing  SQL  (using  Toad)  on 
Oracle  8i/9i.  Must  be  exp.  in 
data  modeling  &  applying  report¬ 
ing  tools  to  data  mart.  Must  be 
willing  to  travel  frequently  for 
short/long  term  assignments  at 
client  sites.  Replies  with  Ref. 
Code  CW2005micro  via  email 
(nandan@cogentinfo.com),  or 
mail  (Nandan  Banerjee,  Cogent 
Infotech  Corp.,  2581 
Washington  Rd.,  Suite  232  B, 
Pgh.,  PA  15241) 


Software  Engineers  need¬ 
ed.  Seeking  qual.  candi¬ 
dates  w /  BS  or  equiv.  &/or 
rel.  work  exp.  Part  of  req. 
rel.  work  exp.  must  include 
3  yrs  working  w/  Unix  shell 
scripting  (Korn),  Oracle  & 
MicroFocus  COBOL.  Duties 
include:  software  dev,  test¬ 
ing  &  client  support.  Fwd. 
resume  &  ref.  to  Remote 
Computing  Systems,  Inc., 
9017  Bluestem,  Wichita,  KS 
67207. 


SYSTEMS  SOFTWARE  ENGI¬ 
NEER  to  provide  on-site  consul¬ 
tancy  to  analyze,  design,  devel¬ 
op  and  implement  systems  soft¬ 
ware  in  web  architecture  using 
Java,  JSP,  Servlets,  CORBA, 
PL/SQL,  J builder,  WebMethods 
and  RDBMS,  Oracle.  DB2  and 
WebSphere  in  AlX/Solaris  and 
Windows  environment.  Require 
B.S.  (or  equivalent)  in  Engineer¬ 
ing/Computer  Science  and  5 
years  experience.  40%  travel  to 
client  sites  within  the  U.S.  re¬ 
quired.  Competitive  salary  and 
benefits.  Mail  resume  to:  Human 
Resource  Manager,  4C  Solu¬ 
tions,  Inc.,  1201  7th  Street,  East 
Moline,  IL  61244. 


Auto-Trol  Technology  Corp¬ 
oration  seeks  applicants  for  the 
position  of  Software  Engineer  in 
Denver,  CO,  to,  under  close 
supervision,  engage  in  moder¬ 
ately  complex  tasks  regarding  all 
aspects  of  the  software  develop¬ 
ment  life  cycle  from  requirement 
gathering  to  design,  implemen¬ 
tation,  testing  and  documenta¬ 
tion  for  a  range  of  products 
involving  technical  illustrations. 
Position  requires  bachelor's 
degree  in  computer  science  and 
working  knowledge  of  graphics 
systems  programming,  linear 
algebra,  design  and  analysis  of 
algorithms,  object-oriented 
methodologies,  Axonometric 
and  Perspective  systems,  C  and 
Visual  C++  programming  lan¬ 
guages  and  development  and 
maintenance  of  test  scripts  on 
WinRunner  or  similar  tool. 
Respond  by  resume  to  Lisa 
Jayne,  Auto-Trol  Technology, 
12500  N.  Washington  St., 
Denver,  CO  80241.  (Reference: 
Tl  Advertisement) 


SAP  Information 
Systems  Specialist 

Valero,  Inc.  has  position  opening 
for  SAP  Information  Systems 
Specialist.  The  Information  Sys¬ 
tems  Specialist  will  be  responsi¬ 
ble  for  analyzing  requirements, 
design,  development  and  testing 
of  a  seamless  integration  pro¬ 
cess.  Must  have  B.S.  degree  in 
engineering,  comp  sci  or  related 
degree  (foreign  degree  equiva¬ 
lent  accepted)  w /  2  years  in 
position  or  as  software  develop¬ 
er,  programmer  or  consultant. 
Please  forward  resume  to: 
Jennifer  Moreno,  One  Valero 
Way,  San  Antonio,  TX  78249. 
No  email  or  telephone  inquiries. 


IT  Market  Analyst  needed  to  cre¬ 
ate  &  analyze  corporate  strate¬ 
gy,  performance  &  prospects  of 
business  segments  in  IT  ser¬ 
vices;  prep  &  eval  plans  &  bud¬ 
gets;  analyze  cost  structures, 
performances  &  variances;  mon¬ 
itor  portfolios  ind  strategy  formu¬ 
lation,  eval  M&A  opportunities, 
fund  raising,  recruitment  &  busi¬ 
ness  dvlpmt.  Resume  to  Global 
Consultants,  Attn:  Hireme,  25 
Airport  Rd,  Morristown,  NJ 
07960 


Lead  Software  Engineers 

AEBN,  Inc.  has  position 
opening  for  Lead  Software 
Engineers,  Level  I,  il.  Will 
design/architecture  and  de¬ 
velop  software  applications. 
Must  have  M.S.  degree  in 
computer  science  w /  1  year 
in  position  for  Level  II  and  3 
years  for  Level  I.  Please  for¬ 
ward  resume  to:  Brian  Ziel, 
5300  Old  Pineville  Road, 
Suite  160,  Charlotte,  NC 
28217.  No  email  or  tele¬ 
phone  inquiries. 


EDI  Analyst/Web  Devel¬ 
oper.  BS  in  Info  Systems  or 
Comp  Sci  +  5  yrs  exp  OR 
MS  plus  2  yrs  exp.  Exp  to 
include  JAVA  &  internet-ori¬ 
ented  programming  or  dev, 
EDI  translation  tools  &  ANSI 
XI 2  standards',  dem  knowl¬ 
edge  of  HTML,  TCP/IP, 
FTP,  SMTP,  POP,  HTTP 
protocols,  GUI  design  prin¬ 
ciples.  Send  resumes  to 
Staffing,  PO  Box  657,  Des 
Moines,  Iowa  50303. 


Hetrosys,  LLC,  based  in  Detroit, 
Ml  seeks  Software  Engineer  for 
Detroit  and  nationwide  opportu¬ 
nities.  Requirements  include 
Master's  degree  or  foreign 
equivalent  in  Computer  Science, 
Information  Technology  or  relat¬ 
ed  field  and  three  years  experi¬ 
ence  designing  and  developing 
J2EE  Web-based  software 
applications.  Position  also 
requires  one  year  experience 
working  with  Struts  Open  Source 
Web  application  framework: 
integrating  IBM  Main  Frame 
applications  using  IBM  Web¬ 
sphere  Application  servers, 
developing  Web  services  and 
implementing  service-oriented 
architecture.  Apply  via  U.S.  Mail 
with  resume  to  Hetrosys,  LLC, 
3757  S.  Baldwin  Rd.,  #223, 
Lake  Orion,  Ml  48359. 


Network/System  Administrator 
wanted  to  maintain  &  upgrade 
network,  &  develop  &  maintain 
web  site  &  e-commerce  solu¬ 
tions.  Must  have  Bach,  in 
Comp.  Sci.  or  related  field,  &  2 
yrs  network  &  systems  eng. 
exper,  incl.  configuring  &  main¬ 
taining  routers,  firewalls,  WAN 
technologies  &  deploying  Auth¬ 
entication  &  File  Servers  over 
Windows  2000  client-server 
environ.  &  incl.  exper.  with  Linux 
server  platforms,  MS  Exchange 
Mail  server  &  Network  Security. 
Proficiency  in  Windows  2003 
server,  Novell  Netware  client- 
server  &  ASP/VB. Net/SQL  serv¬ 
er  2000  programming.  Send 
resume  to  HR,  Adaptive 
Instruments  Corp.,  577  Main 
St.,  Hudson,  MA  01749. 


Database  Admin  -  engage  in 
database  design  &  admin;  web 
design;  recovery  &  backup  plan- 
n'g  &  implementation;  &  user 
access.  Design  sites  for  search 
engine  optimization.  Write  & 
design  server  architecture.  Train 
system  users.  Analyze,  review  & 
alter  prog.s.  Project  developmt. 
35  hrs.  B.S.  in  Computer  Sci  or 
Computer  Bus  Applies.  2  yrs  exp 
in  job  offd.  Fax  resume  &  salary 
reqmts  to  (727)  544-4386,  Attn: 
Ms.  Dore-Falcone,  GeoPharma, 
Inc. 


Accounting  Consultant  needed 
w/Bachelors  or  Foreign  Equiv  in 
Accntg,  Fin  or  Bus.  Admin  &  1  yr 
exp  to  analyze  &  compile  fin. 
Info  to  summarize  current  &  pro¬ 
jected  company  fin.  reports. 
Examine,  analyze  &  interpret  the 
liquidity  ratios  of  corporate  cus¬ 
tomers.  Prepare  cost  profit 
analysis  &  prepare  cash  flow 
statements,  budgeting  &  fore¬ 
casting  using  Oracle  Financials, 
MS  Excel,  Dbase,  Lotus  1-2-3  & 
Peachtree.  Send  res  to: 
Wireless  4  U,  Inc.  15028 
Manchester  Road,  Ballwin,  MO 
63011 


Senior  Software  Engineers 
needed.  Seeking  qual.  candi¬ 
dates  with  MS/BS  or  equiv. 
and/or  rel.  work  exp.  Part  of  the 
req.  rel.  exp.  must  include  2  yrs 
working  w /  J2EE  &  SQL  Server. 
Duties  incl  design  &  develop 
web-based  software  for  service 
industry  &  provide  software  sup¬ 
port,  including  unit  testing  & 
debugging  code.  Travel  &  relo¬ 
cation  may  be  required.  Fwd. 
res.  &  ref.  to:  Sysnet  Technology 
Solutions.  Inc.,  Attn:  HR,  20380 
Town  Center  Lane,  Suite  166, 
Cupertino,  CA  95014. 


Software  Engg.  Needed. 
Seeking  qual.  candidates  pos¬ 
sessing  MS/BS  or  equiv.  &  rel. 
wrk  exp.  Part  of  the  req.  rel.  exp. 
must  include  3  yrs.  working  w / 
ADS/O  &  MQ  Series  &  3  yrs. 
applying  Six  Sigma  Process  in 
the  IT  solutions.  Exp.  can  be 
simult.  Duties  include:  Design  & 
dev,  soft.  app.  Apply  Six  Sigma 
Process  to  ensure  quality.  Wrk 
w/  ADS/O,  LRF,  IDDM, 
Easytrieve,  IDMS  &  MQ  Series. 
Travel  &  relocate  may  be 
necess.  Fwd.  res.  &  ref.  to 
Saitech  Corp.  1215B  Duane 
Swift  Pkwy,  Jefferson  City,  MO 
65109. 
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Computer  Professionals 
(Multiple  Openings) 

Senior  Software  Engineer/ 
Programmer  Analyst/  Systems 
Analyst/  Database  Admin¬ 
istrator,  Software  Engineer/ 
Programmer  Analyst/Systems 
Analyst/  Database  Administrator 

Must  have  masters  or  equivalent 
degree  for  senior  positions, 
Bachelors  degree  and/or  experi¬ 
ence  in  computer  science,  engi¬ 
neering  or  related  field  and 
experience  in  some  of  the  fol¬ 
lowing  skills: 

Microsoft  Technologies  (Visual 
Basic.  NET,  ASP),  C/C++,  Java, 
Cold  Fusion;  CRM  (Siebel, 
Clarify);  ERP  (SAP,  PeopleSoft, 
Oracle  Apps);  Middleware 
Technologies  (Orbix,  Corba, 
Tibco,  Vitria);  Datawarehousing 
Tools  (Informatica,  Data  Stage, 
Abinitio,  Business  Objects, 
Cognos,  Micro  Strategy,  Brio); 
Mainframe  (Cobol,  CICS,  JCL, 
VSAM)  AS400;  Quality 
Assurance  (Win  Runner,  Load 
Runner,  Silk,  Quickpro,  Manual 
Testing)  Databases/  Admini¬ 
stration  (SQL  Server/  Oracle/ 
DB2/Sybase);  MS  Windows 
(95/98/NT/  2000, XP,  Exchange), 
UNIX  (Sun  Solaris,  HP,  AIX), 
Linux 

Work  Location:  Maine  and/or 
any  unanticipated  location  in  the 
U.S.  (must  be  able  to  travel  or 
relocate  nationwide).  Attractive 
compensation  package.  40 
hrs/week. 

Mail  your  Resume  to: 
hr@gamatech.com,  Human 
Resources  Director,  Gamatech, 
Inc,  477  Congress  Street,  5th 
Floor,  Portland,  ME  04101-3427 


Computer  Scientist 

Responsible  for  R&D  of  hard¬ 
ware  &  software  formal  verifica¬ 
tion  framework.  Duties  include 
design  &  implementation  of  for¬ 
mal  specification  language,  new 
automated  verification  algo¬ 
rithms;  overall  system  infrastruc¬ 
ture;  perform  research  in  formal 
methods  area;  write  research 
papers  &  technical  reports.  This 
position  requires  Ph.D.  in  CS 
with  doctoral  dissertation  em¬ 
phasis  in  software  engineering  & 
formal  methods  for  analysis  & 
verification  of  software  &  hard¬ 
ware  systems.  Research  back¬ 
ground  to  include:  design,  imple¬ 
mentation;  use  of  model  check¬ 
ers,  static  analyzers,  compilers; 
software  verification;  implemen¬ 
tation  &  design  skills  including 
object  technology;  programming 
skills  including  C++,  Scheme, 
Emacs-Lisp,  &  Java;  working 
knowledge  of  automatic  theorem 
proving  &  formal  semantics  of 
programming  languages.  This 
position  is  located  in  Menlo 
Park,  CA.  Please  apply,  indicat¬ 
ing  job#  2251 ,  via  our  website  @ 
www.sri.com  or  mailing  address 
at  333  Ravenswood  Ave,  Menlo 
Park,  CA  94025.  Attn:  Employ¬ 
ment  Dept.  EOE/AA. 


Software  Engineer 

Specify,  design,  develop,  and 
test  embedded  control  systems, 
software  and  hardware  design; 
simulation,  modeling,  develop¬ 
ment,  testing/debugging,  inte¬ 
gration,  validation  &  documenta¬ 
tion. Required:  must  have  Bach¬ 
elor’s  Deg.  in  CS,  E/E,  or  Tech¬ 
nology  related  equiv.  degree;  10 
years  exp.  in  job  offered;  Exp.  w / 
programming  embedded  control 
systems  in  C++  8051  Assembly, 
&  VHDL  languages,  as  well  as  in 
PC  104-based  Linux.;  Exp.  w/ 
direct  hardware-ievel  program¬ 
ming  &  circuit  design;  w /  hard¬ 
ware-level  device  drivers  &  pro¬ 
grammable  logic;  Exp.  w/  bench 
development  of  hardware-level 
prototypes,  including  creating 
test  procedures  for  debugging/ 
test  &  documentation  to  MIL 
Specs;  Project  responsibility 
from  start  to  finish.  Pis.  send 
resume  to  RF  Products,  Inc. 
Davis  &  Copewood  Str., 
Camden,  NJ  08103  (EEO/M/F) 


A  position  is  available  for  a 
Senior  Technical  Advisor  for  a 
software  developer  in  the  health¬ 
care  industry.  The  company  is 
located  in  Durham,  North 
Carolina,  but  the  job  can  be  per¬ 
formed  from  anywhere  in  the 
United  States.  The  Senior 
Technical  Advisor  will  be  primar¬ 
ily  responsible  for  providing 
technical  expertise  in  resolving 
difficult  or  complex  problems 
escalated  from  support  staff. 
Specific  responsibilities  include 
testing  network  utilization  of 
products  in  lab  conditions  and 
on  customer's  networks  and 
reviewing  and  approving 
changes  to  client  data  and  pro¬ 
grams.  Candidates  for  this  posi¬ 
tion  should  possess  an  associ¬ 
ate  degree  in  Engineering 
Technology  or  a  related  field  and 
at  least  1  year's  experience  pro¬ 
viding  technical  support  in  the 
healthcare  industry  including 
Novell,  UNIX,  and  Btreive;  plan¬ 
ning,  installation,  configuration 
and  support  of  network  infra¬ 
structures  (LAN/WAN,  FDDI,  or 
cable);  network  naming,  poli¬ 
cies,  and  conventions  (TCP/IP 
tables);  and  database  program¬ 
ming.  Apply  with  resume  by  mail 
to:  Shelley  Ayers,  Per-Se 
Technologies,  Inc.,  300  West 
Morgan  Street,  Suite  175, 
Durham,  North  Carolina  27701 


SOFTWARE  ENGINEER  to 
design,  develop,  test  and  main¬ 
tain  client/server  and  n-tier 
applications  on  Windows  and 
UNIX  platforms  using  C,  C++, 
VC++,  Visual  Basic,  ActiveX, 
COM,  Java,  Servlets,  SQL  XML 
Technologies,  Object  Oriented 
Design  and  Analysis,  UML, 
Data  Modeling,  Distributed 
Databases,  and  IIS;  Design 
and  develop  database  driven 
applications  for  the  transporta¬ 
tion,  public  health,  environmen¬ 
tal  Require:  Master's  degree  in 
Computer  Science/  Eng¬ 
ineering,  or  a  closely  related 
field;  Must  have  a  demonstrat¬ 
ed  ability  to  perform  the  stated 
duties  gained  through  academ¬ 
ic  coursework/  previous  work 
experience.  Extensive  trav¬ 
el  on  assignment  to  various 
client  sites  within  the  U.S.is 
required.  Competitive  salary 
offered.  Send  resume  to:  Ayan 
Sengupta,  US  Computing,  Inc., 
2927  Devine  Street,  Suite  200, 
Columbia,  SC29205;  Attn:  Job 
AY. 


A  position  is  available  for  a 
Quality  Engineer  Analyst  II  in 
Atlanta,  Georgia  with  a  technolo¬ 
gy  solutions  company.  The  Qua¬ 
lity  Engineer  Analyst  II  will  be 
primarily  responsible  for  devel¬ 
oping,  designing,  and  imple¬ 
menting  tests  and  evaluating 
results  for  all  product  compo¬ 
nents.  Specific  responsibilities 
include  creating  test  paradigms, 
developing  regression  tests  and 
associated  code,  developing 
test  suites,  performing  crash 
testing,  stress  testing,  and  error 
conditioning  testing.  Candidates 
for  this  position  should  possess 
a  Bachelor’s  degree  in  Comput¬ 
er  Science  or  a  related  field  and 
at  least  2  years'  experience  with 
relational  databases  including 
SQL,  regression,  integration, 
functional  and  stress  testing; 
writing  test  plans,  test  scripts 
and  technical  documentation; 
Windows  operating  systems  and 
issue  tracking  software;  and 
demonstrated  knowledge  of  C 
programming  and  test  lab  set  up 
including  SW  installation,  HW 
configuration,  and  networking 
computers.  Apply  with  resume 
by  mail  to: 

Vickie  Olsen 
Radiant  Systems,  Inc. 

3925  Brookside  Parkway 

Alpharetta,  Georgia  30022 


Systems  Analyst/Programmer 
Consulting:  Must  have  a  Mast¬ 
er's  degree  or  equivalent  In 
Computer  Engineering,  Comput¬ 
er  Science,  Information  Systems 
or  Engineering  and  3  years 
experience  as  a  Programmer 
Analyst  (will  also  consider  B.S. 
degree  and  5  years  of  progres¬ 
sive  experience  in  the  field  as 
the  equivalent  to  a  US  Master's 
degree  and  3  years  of  experi¬ 
ence)  the  experience  must  in¬ 
clude  the  design,  development, 
implementation  and  mainte¬ 
nance  of  multi-tier  client/server 
systems  utilizing  sophisticated 
technologies  such  as  COBOL, 
CICS,  DB2.  VSAM,  Endeavor, 
JCL  and  SQL/QMF,  File-Aid, 
Xpeditor  on  IBM  mainframes. 
Responsible  for  the  design,  de¬ 
velopment,  implementation  and 
maintenance  of  highly  complex 
multi-tier  client/server  systems 
utilizing  sophisticated  technolo¬ 
gies  such  as  COBOL,  DB2, 
VSAM,  CICS,  JCL,  SQL/QMF, 
File-Aid,  Xpeditor  and  Endeavor 
on  IBM  08/390  mainframe  oper¬ 
ating  systems.  Work  with  client 
management  to  identify  and 
specify  complex  business  re¬ 
quirements  and  processes  for 
modification  of  new  and  current 
software  programs.  Conduct 
performance  and  model  testing, 
report  generation,  troubleshoot¬ 
ing,  debugging  and  coding. 
Participate  in  process  design, 
end-user  training  and  systems 
support.  $66,780  yearly.  Send 
resume  to:  DWS,  Attn:  Erlinda 
Anderson,  Job  #  8166444,  140 
E.  300  S.,SLC,VT  84111. 


SENIOR  PROGRAMMER/ANA¬ 
LYST  to  analyze,  design,  devel¬ 
op,  test  and  maintain  application 
software  systems  using  ASP, 
VB,  ASP.NET,  VB.NET,  C#,  SQL 
Server,  Oracle,  VB  Script,  Java 
Script,  XML,  XSLT,  IIS,  MTS, 
HTML,  DHTML,  COM,  DCOM, 
Crystal  Report  and  Active 
Reports  under  Windows  NT/ 
2000/2003  operating  systems. 
Require:  Bachelor’s  degree  (or 
equivalent)  in  Computer 
Science,  a  Scientific  discipline, 
or  a  closely  related  field  with  2 
yrs  of  exp  in  the  job  offered; 
Each  3  yrs  of  progressively 
responsible  work  exp  in  the  field 
will  be  considered  equivalent  to 
1  yr  of  college  education. 
Extensive  travel  on  assignment 
to  various  client  sites  within  the 
U.S.is  required.  Competitive 
salary  offered.  Send  resume  to: 
Popular  Tech,  14151  Newport 
Avenue,  Suite  204,  Tustin, 
CA92780;  Attn:  JobNV. 


OmniPros,  a  worldwide  provider 
of  software  solutions  seeks  moti¬ 
vated  Software  Engineers, 
Network  Administrators/  Engin¬ 
eers,  IT  Analysts,  and  Business 
Development/Technical  Oper¬ 
ations  Management.  Multiple 
Positions  available  in  Cincinnati, 
OH  and  San  Jose,  Ca.  Please 
e-mail  resume  to 

careers@omnipros.com,  fax 
resume  to  408-944-0719,  or 
mail  resume  to:  OmniPros  Ltd. 
99  W.  Tasman  Drive,  Ste  205 
San  Jose,  CA  951 34 


Software  Professionals:  RS 
Software,  a  leading  globally  pos¬ 
itioned  software  development 
and  consulting  firm  needs  pro¬ 
grammer/analysts,  willing  to  re¬ 
locate  at  employer's  expense  to 
its  multinational  clients  nation¬ 
wide  with  exp.  in  the  following 
skill  mixes:  COBOL,  CICS.  DB2, 
SQL  Server,  Turbo  Image,  MPE- 
ix  on  HP3000  platform  C,  C++, 
VC++,  MFC,  Oracle  and  OOAD 
on  embedded  technology  MVS, 
JCL,  IMSDB,  Fileaid,  Xpeditor, 
C,  C++.  Unix,  COBOL,  CICS, 
DB2  and  MQ  Series  on  credit 
card  applications  Send  resume 
to:  HR,  RS  Software  (I)  Ltd. 
1900  McCarthy  Blvd,  #103, 
Milpitas,  CA  95035. 


Computerworld  - 


Systems  Analyst/Programmer 
Consulting:  Must  have  a  Mast¬ 
er's  degree  or  equivalent  in 
Computer  Engineering,  Comput¬ 
er  Science,  Information  Systems 
or  Engineering  and  3  years  ex¬ 
perience  as  a  Programmer  An¬ 
alyst  or  Systems  Engineer  (will 
also  consider  B.S.  degree  and  5 
years  of  progressive  experience 
in  the  field  as  the  equivalent  to  a 
US  Master's  degree  and  3  years 
of  experience)  the  experience 
must  include  the  design,  devel¬ 
opment,  and  implementation  of 
highly  complex  information  sys¬ 
tems  utilizing  sophisticated  tech¬ 
nologies  such  as  COBOL,  CICS, 
DB2,  Endeavor,  JCL  and  SQL/ 
QMF  on  IBM  mainframe  operat¬ 
ing  systems.  Responsible  for  the 
design,  development  and  imple¬ 
mentation  of  highly  complex 
information  systems.  Work  with 
client  management  to  analyze 
business  requirements  and  id¬ 
entify  solutions  for  complex  bus¬ 
iness  technology  systems  and 
object-oriented  systems.  Con¬ 
duct  performance  and  model 
testing,  report  generation,  trou¬ 
bleshooting,  debugging  and 
coding.  Participate  in  process 
design,  end-user  training  and 
systems  support.  $66,780  year¬ 
ly.  Send  resume  to:  DWS,  Attn: 
Erlinda  Anderson,  Job  # 
8166441,  140  E.  300  S„  SLC, 
VT  84111. 


Computer  Scientist 

Responsible  for  performing  ba¬ 
sic  research  in  intelligent  agent 
systems  &  applying  the  results 
to  challenging  real-world  prob¬ 
lems.  Responsibilities  will  in¬ 
clude  managing  maintenance  & 
extension  of  existing  BDI  (Belief 
Desire  Intention)  agent  software 
&  leading  research  efforts  in  the 
area  of  robustness  for  agent 
systems.  Requires  PhD  in  com¬ 
puter  science  with  doctoral  re¬ 
search  &  dissertation  emphasis 
in  BDI  agent  systems  plus  five 
years  experience  in  the  applica¬ 
tion  of  BDI  agent  systems  to 
real-world  problems.  Requires 
publication  record  in  BDI  sys¬ 
tems.  Background  must  include 
theoretical  foundations  of  BDI 
agent  systems;  programming  in 
Prolog,  Python,  Java,  and  Lisp; 
software  engineering  project 
leadership  experience.  This  pos¬ 
ition  is  located  in  Menlo  Park, 
CA.  Please  apply,  indicating 
job#  2263,  via  our  website  @ 
www.sri.com  or  mailing  address 
at  333  Ravenswood  Ave,  Menlo 
Park,  CA  94025.  Attn:  Employ¬ 
ment  Dept.  EOE/AA 


SOFTWARE  ENGINEER  to 
design,  develop,  implement  and 
test  application  software  using 
Java,  J2EE,  JSP,  WebLogic, 
WebSphere,  Tomcat,  XML,  RMI, 
IRC,  Servlets,  Java  Applets, 
Java  Script,  C  and  Oracle  under 
Windows  and  UNIX  operating 
systems.  Require:  M.S.  degree 
in  Computer  Science/  an  Eng¬ 
ineering  discipline,  or  a  closely 
related  field  with  1  yrs  of  exp  in 
the  job  offered  or  as  a  Prog¬ 
rammer/  Analyst;  Extensive  trav¬ 
el  on  assignments  to  various 
client  sites  within  the  U.S.is 
required.  Competitive  salary 
offered.  Apply  by  resume  to: 
Sudhakara  Ravoori,  Sai 
Technical  Services,  Inc.,  626 
WendoverDrive,  Ridgeland, 
MS39157;  Attn:  JobSK. 


Computer/Engineering 

We  currently  have  an  opportu¬ 
nity  in  Seattle,  WA  for  VP  of 
Engineering.  Some  travel  re¬ 
quired.  Bachelors  in  CS,  Bus 
or  related  field  &  8  years  exec¬ 
utive  level  high-tech  industry 
exp  required.  You  may  send  a 
resume  to  Visto  Corporation  - 
Staffing  Manager,  220  West 
Mercer,  Suite  300,  Seattle,  WA 
98119  Fax:  (650)  622-9589  or 
email  your  resume  to 
jobs@visto.com  and  specify 
JoblD#10.37.04J  with  your 
submittal. 
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Senior  Development  Engineer 
(multiple  openings).  San  Jose, 
CA.  Req.  Master's  degree  (or 
foreign  equiv.)  in  comp,  science 
or  comp.  eng.  &  2  yrs.  of  exp.  in 
the  job  offered  or  2  yrs.'  exp. 
performing  C  dev.  in  Linux.  [In 
lieu  of  Master's  degree,  will 
accept  Bach,  degree  (or  foreign 
equiv.)  &  5  yrs'  progressive  post- 
baccalaureate  exp.  as  stated.]  1 
yr.  of  stated  exp.  must  include 
using  network  protocols  in  ker¬ 
nel;  &  util,  real  time,  zero  copy  & 
embedded  solutions  design. 
Must  pass  company's  technical 
review.  Research,  design,  devel¬ 
op  &  maintain  key  elements  of 
advanced,  multi-user  enterprise 
&  server  provider  applications 
for  IP  telephones  &  mobile 
devices.  Forward  resume  by  e- 
mail  to  citrixrecruiting@citrix.com 
or  by  mail  to  Citrix  Systems,  Inc., 
851  W.  Cypress  Creek  Road,  Ft. 
Lauderdale,  FL  33309.  Must  ref¬ 
erence  job  code  28713  in  sub¬ 
ject  line  of  e-mail  or  in  written 
response.  EEO/AA  Employer 


SENIOR  SOFTWARE  ENGIN¬ 
EER  to  lead  a  team  in  the  des¬ 
ign,  development,  testing,  imple¬ 
mentation  and  support  of  inter¬ 
net  based  financial  application 
software  using  C#,  ASP.NET, 
XML,  HTML,  Java  Script,  ASP. 
Visual  Basic,  IIS,  PL/SQL,  Or¬ 
acle,  SQL  Server,  Crystal  Re¬ 
ports  and  Rational  Rose  under 
Windows  2000/NT,  UNIX  and 
DOS  operating  systems;  Mentor 
and  supervise  junior  engineers 
and  programmers.  Require: 
B.S.  degree  in  Computer  Sci¬ 
ence/Engineering,  or  a  closely 
related  field  with  5  yrs  of  pro¬ 
gressively  responsible  exp  in  the 
job  offered  or  as  a  Programmer/ 
Systems  Analyst.  Competitive 
salary  offered.  Send  resume  to: 
Cheryl  Escobar,  Harbor  Pay¬ 
ments,  Inc.,  1900  Emery  St.  NW, 
2nd  Floor,  Atlanta,  GA  30318; 
Attn:  Job  PS. 


SOFTWARE  ENGINEER  to 
design,  develop,  test  and  main¬ 
tain  computer  software  for  vari¬ 
ous  business  applications  and 
eCommerce  solutions  using 
ASP,  VB,  SQL  Server,  Visual 
Interdev,  JavaScript,  DHTML, 
HTML  and  CSS  on  Windows 
2000/NT  platforms.  Require: 
M.S.  degree  in  Computer 
Science,  or  a  closely  related 
field  with  2  yrs  of  exp  in  the  job 
offered  or  as  a  Programmer/ 
Analyst  or  Programmer;  Exp¬ 
erience  gained  before  or  after 
earning  the  degree  will  be 
accepted.  Extensive  travel  on 
assignment  to  various  client 
sites  within  the  USis  required. 
Competitive  salary  offered. 
Send  resume  to:  Donna  Marie 
Kurz,  American  Computer 
Technologies,  2200  Lucien  Way, 
Suite  195,  Maitland,  FL32751; 
Attn:  Job  RG. 


SENIOR  PROGRAMMER/ANA¬ 
LYST  to  analyze,  design,  devel¬ 
op,  maintain  and  implement 
Oracle  applications,  focusing  on 
HR,  Payroll,  Advance  Benefits, 
OTL  and  Financial  modules 
using  PL/SQL,  SQL  Plus, 
SQL'LDR,  Oracle,  Developer 
2000  and  SQL  Server.  Req¬ 
uire:  B.S.  degree  in  Computer 
Science/Engineering,  or  a  close¬ 
ly  related  field  with  2  yrs  of  exp 
in  the  job  offered  or  as  a 
Programmer.  Extensive  travel 
on  assignments  to  various  client 
sites  within  the  U.S.is  required. 
Competitive  salary  offered. 
Apply  by  resume  to:  SrinivasaR. 
Manne,  Methodex  Consulting 
Services.  Inc.,  1517  W.  Irving 
Blvd.,  Irving,  TX75061;  Attn:  Job 
DP. 


Technology  Company  seeking 
Programmer  Analyst  and  Senior 
Programmer  Analyst  for  Multiple 
Openings.  Positions  Require¬ 
ments  vary  and  environments 
may  include  Actuate,  Siebel, 
SAP,  Informatica,  J2EE,  Web 
Sphere. 

Programmer  Analyst:  position 
require  the  minimum  of  a 
Bachelor's  Degree  in  C.S.I 
Engineering/Electronics  +  3  year 
experience  in  position  offered  or 
related  position; 

Senior  Programmer  Analyst: 
positions  require  the  minimum  of 
a  Master's  Degree  in  Computer 
Science/Engineering/Electronic 
s  or  related  field.  In  lieu  of 
Master's  Degree,  Bachelor's 
Degree  +  5  years  of  progressive 
professional  experience  in  soft¬ 
ware  design  and  development. 

All  Positions  require  extensive 
travel  and/or  relocation;  attrac¬ 
tive  compensation  package. 
Send  Resume  and  Cover  letter 
to:  Human  Resource  Director, 
Optimum  Technology  Solutions, 
Inc.,  Ill  Acklen  Park  Dr.  Suite 
E105,  Nashville,  TN  37203. 


SOFTWARE  ENGINEER  in 
Lincroft,  New  Jersey  to  design 
mobility  solution  to  achieve 
seamless  switching  of  active 
calls.  B.S.  in  Electrical  Engin¬ 
eering  and  two  (2)  years  experi¬ 
ence  as  System  Engineer,  Test 
engineer,  Soft-ware  Engineer  or 
related  position  with  experience 
using  Linux  and  Windows  CE; 
VoIP  using  SIP  signaling  proto¬ 
col;  PSTN  analog  trunk  circuitry, 
WiFi  and  cellular  GSM  wireless 
technologies;  DNS  functionality; 
DHCP  server;  and  AAA  enter¬ 
prise  servers  required. 
Competitive  salary  and  benefits. 
For  prompt  consideration, 
please  submit  your  resume/CV 
with  the  following  codes  includ¬ 
ed  to:  D-COMPUTER/ 

16275BR,  Avaya  Inc.,  P.O.  Box 
549248,  Suite  188,  Waltham, 
MA  02454-9248.  EOE. 


SOFTWARE  ENGINEER,  Sen¬ 
ior  Level  (Yonkers,  NY)-Full 
Time.  Develop  application  inter¬ 
face  screen  in  ASP.NET  code 
using  GUI  tools  that  execute 
complex  VB.NET  &  JavaScript 
validation  routines.  Write  T-SQL 
stored  procedures  according  to 
high  level  specification  &  design 
conventions.  Build  internet  appli¬ 
cations  in  the  medical  care 
arena,  moving  from  prototype  to 
execution  with  support  to  200+ 
sites.  Supervise  a  team  of  4  pro¬ 
grammers.  Bachelor's  degree  or 
equivalent  in  Comp.  Sci,  CIS, 
MIS  or  related  field  req'd.  4  yrs 
exp.  req'd.  At  least  2  of  those 
years  in  healthcare  IT  industry, 
developing  .NET.  Send  CV  to 
Emerging  Health  Information 
Technology,  3  Odell  Plaza, 
Yonkers,  NY  10701,  Fax  914- 
457-6206,  Attn:  David  Fletcher. 


ATTENTION: 

Law  Firms 
IT  Consultants 
Staffing  Agencies 


Place  your 
Labor  Certification 
ads  here! 

Are  you  frequently  placing 
legal! immigration  advertisements? 
Let  us  help  you  put  together  a 
cost  effective  program  that  will 
make  this  time<onsuming 
task  a  little  easier 

Contact:  Danielle  Tetreault  at: 
800-762-  2977 

ulcareers 
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Telecom 

new  services  and  address 
complaints  about  billing  and 
poor  network  connections. 

“I  care  a  lot  about  SBC  buy¬ 
ing  AT&T,  and  it’s  going  to  be 
a  matter  of  ‘wait  and  see  what 
happens’ . . .  since  the  planned 
layoffs  won’t  happen  right 
away,”  said  Cathleen  Lilli,  di¬ 
rector  of  infrastructure  ser¬ 
vices  at  Konica  Minolta  Busi¬ 
ness  Solutions  USA  Inc.  in 
Ramsey,  N.J.  One  positive  sign 
of  consistency,  she  said,  is  that 
SBC  announced  that  it  will  not 
close  down  AT&T’s  network 
operations  center  in  Bedmin- 
ster,  N.J. 

Honoring  Contracts 

In  January  2004,  Konica  Mi¬ 
nolta  signed  a  two-year,  $2.7 
million  contract  with  AT&T 
for  an  IP-based  virtual  private 
network  across  92  U.S.  loca¬ 
tions  serving  4,500  workers.  It 
also  signed  on  with  AT&T  for 
local  and  long-distance  voice 
services  that  were  formerly 
provided  by  MCI  and  Sprint 
Corp.  “So  far,  we’re  happy 
with  AT&T,”  Lilli  said. 

The  contract  includes  an 
option  for  a  third  year.  But  if 
SBC  makes  layoffs  that  affect 


service  for  Konica  Minolta, 
“that’s  going  to  be  my  out,” 
Lilli  said,  citing  the  terms  of 
her  AT&T  contract.  “And  SBC 
has  to  honor  that  contract; 
that’s  my  position.” 

IT  managers  at  Fireman’s 
Fund  Insurance  Co.  in  Novato, 
Calif.,  plan  to  meet  with  SBC 
this  week  to  go  over  potential 
changes  that  could  take  place 
as  a  result  of  the  acquisition, 
said  CIO  Fred  Matteson.  On 
Jan.  12,  AT&T  announced  a 
five-year,  $42  million  contract 
with  Fireman’s  Fund  for  an  IP 
VPN  that  will  support  4,500 
workers  in  60  locations  and 
replace  voice  and  data  net¬ 
works  from  multiple  vendors. 

“My  general  evaluation  is 
that  the  SBC  purchase  makes 
sense,”  Matteson  said,  noting 
that  the  combination  of  SBC’s 
size  and  AT&T’s  reputation  for 
providing  good  network  ser¬ 
vices  to  corporate  customers 
should  benefit  the 
merged  company. 

SBC  Chairman 
and  CEO  Edward 
Whitacre  Jr.  and 
David  Dorman, 
his  counterpart  at 
AT&T,  sought  to 
ensure  corporate 
customers  that 
the  combined 
entity  will  serve 


their  interests,  saying  during  a 
press  briefing  that  it  will  have 
greater  financial,  technical 
and  marketing  resources. 

But  some  current  customers 
blasted  both  companies  for 
poor  customer  service. 

“SBC  is  horrible.  We  can’t 
get  away  from  them  fast 
enough,”  said  Peter  Schwei, 
telecommunications  supervi¬ 
sor  at  Charter  Steel  Inc.  in 
Saukville,  Wis.  Schwei  said 
the  steel  producer  is  about  to 
announce  a  voice  and  data 
contract  with  another  carrier, 
after  years  of  experiencing  al¬ 
most  monthly  outages  at  its 
facilities  and  frequent  billing 
irregularities  with  SBC. 

A  telecom  manager  at  a  Mid¬ 
western  distribution  company 
said  she  had  been  working  to 
address  an  SBC-related  outage 
until  2  a.m.  the  night  before 
SBC  announced  that  it  was 
buying  AT&T.  Maybe  AT&T 
can  improve  on 
SBC’s  poor  cus¬ 
tomer  relations  in 
handling  outages, 
suggested  the 
manager,  who 
asked  not  to  be 
named. 

But  Tim  Cle¬ 
ment,  a  telecom¬ 
munications 
analyst  at  Maine 


JUST  THE  FACTS 


Merger  Highlights 

■  SBC  is  buying  AT&T  in  a 

stock-swap  transaction  currently 
valued  at  about  $16  billion. 

■  Edward  Whitacre  Jr., 

SBC's  chairman  and  CEO, 

will  retain  those  positions  after 
the  acquisition. 

■  AT&T  Chairman  and  CEO 
David  Dorman  will  become 
president  of  the  combined 
company. 

■  More  than  12,000  layoffs 

are  expected,  on  top  of  7,000 
already  planned  at  SBC  this 
year  and  12,500  cuts  an¬ 
nounced  at  AT&T. 

■  Required  approvals  from 

various  federal,  state  and 
international  bodies  will  likely 
take  a  year  to  secure. 


Medical  Center  in  Portland, 
said  he  thinks  SBC  could  only 
improve  on  AT&T’s  customer 
service  record.  “I  can’t  imag¬ 
ine  that  it  could  possibly  be 
more  difficult  than  it  is  now 
trying  to  get  anything  done 
with  AT&T,”  Clement  said. 

“If  something’s  not  working, 
like  a  circuit,  it’s  extremely 
difficult  to  get  anybody  at 
AT&T  to  help.” 

Network  capacity  is  so  plen¬ 


tiful  that  consolidation  among 
carriers  is  inevitable,  several 
network  managers  said. 

“Fewer  competitors  means 
less  choice,”  said  Davidson 
Scott,  vice  president  of  infra¬ 
structure  at  Michael  Baker 
Corp.,  a  global  engineering 
and  energy  firm  in  Moon 
Township,  Pa.  “However,  tech¬ 
nology  marches  on,  and  op¬ 
tions  always  emerge.  SBC/ 
AT&T  will  not  be  able  to  take 
customers  for  granted.” 

The  view  from  network 
managers  in  Europe  is  that 
SBC  is  not  at  all  well  known 
there  and  that  the  combined 
entity  would  do  well  to  hold 
on  to  the  globally  recognized 
AT&T  brand  name,  said  Ewan 
Sutherland,  chairman  of  the 
International  Telecommunica¬ 
tions  Users  Group  in  Brussels. 
“Outside  the  U.S.A.,  SBC  has  a 
very,  very  low  brand  recogni¬ 
tion.  Now,  if  it  retains  AT&T 
branding,  values  and  the  like, 
then  it  could  well  continue,  es¬ 
pecially  if  more  money  is  in¬ 
vested,”  he  said. 

IT  managers  in  Europe 
and  elsewhere  felt  burned  by 
SBC’s  move  in  the  late  1990s  to 
invest  in  network  operators  in 
Denmark,  Belgium  and  South 
Africa  only  to  eliminate  or  re¬ 
duce  its  involvement  last  year, 
Sutherland  said.  ©  52377 


SBC  is 
horrible. 
We  can’t  get 
away  from  them 
fast  enough. 


PETER  SCHWEI,  TELECOM 
MUNICATI0NS  SUPERVISOR. 
CHARTER  STEEL  INC. 


to  Review  Contracts,  Consider  Alternatives 


Users  Advised 

CORPORATE  USERS  need  to 
assess  their  contracts  with  net-  • 
work  services  providers  and 
make  plans  for  coping  with  the 
long-term  consolidation  of 
the  telecommunications  industry,  • 
several  industry  experts  said 
last  week. 

“Enterprise  customers  need 
to  pay  more  attention  to  regula-  • 
tory  processes  than  in  the  past 
because  the  competitive  forces  : 
that  have  protected  them  will 
be  weakened,”  said  Colleen 
Boothby,  an  attorney  at  Levine,  : 


Blaszak,  Block  &  Boothby  LLP  in 
Washington. 

Boothby 's  firm  tracks  Federal 
Communications  Commission 
procedures  affecting  network  op¬ 
erators  and  represents  large 
companies  in  contract  negotia¬ 
tions  with  the  carriers.  It  also 
works  with  a  group  of  19  very 
large  corporations  called  the 
Ad  Hoc  Telecommunications 
Users  Committee. 

With  former  regional  Bell  oper¬ 
ating  companies  (RB0C)  such  as 
SBC  now  entering  the  business 


long-distance  market,  “there  are 
all  kinds  of  opportunities  for  mis¬ 
chief,”  Boothby  said.  The  RBOCs 
“don’t  know  how  to  play  in  this 
market,  don’t  have  the  account 
teams  and  support  and  are  not 
as  good  on  contract  terms,"  she 
asserted. 

Boothby  said  she  also  worries 
that  if  vendors  aren't  regulated 
closely,  they  “will  revert  back 
to  the  practices  of  the  1980s,” 
when  customers  often  were 
told  that  they  could  obtain  new 
network  services  only  if  they 


bought  telecommunications 
equipment  from  the  carrier  they 
had  chosen. 

Team  Concerns 

For  now,  the  top  concern  for 
AT&T  users  is  what  might  happen 
to  their  account  teams,  said  Jim 
Blaszak,  another  attorney  at  the 
law  firm.  “Users  need  to  gird 
themselves  for  the  possibility  that 
current  teams  will  change  and 
shrink.”  Blaszak  said. 

Even  if  a  company  has  a  con¬ 
tract  that  limits  its  carrier’s  ability 


to  downsize  the  account  team, 
employees  assigned  to  the  team 
could  still  be  laid  off,  Boothby 
added.  “If  people  are  laid  off, 
they’re  laid  off,”  she  said.  “So, 
what  good  does  the  contract  lan¬ 
guage  do  you?” 

Network  managers  should  look 
closer  than  ever  at  switching  to 
alternative  carriers  in  the  U.S.  and 
in  international  markets,  said 
Gartner  Inc.  analyst  Eric  Paulak. 
Users  also  may  want  to  evaluate 
the  idea  of  hiring  a  systems  in¬ 
tegrator  to  manage  all  of  their 
voice  and  data  network  services, 
he  added. 

-Matt  Hamblen 
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Ray’s  Return 

Ray  noorda  is  back.  On  Dec.  17,  the  man  who  built 
Novell  fired  his  trusted  protege,  Ralph  Yarro,  for  pock¬ 
eting  upward  of  $20  million  from  “self-dealing  trans¬ 
actions”  at  Noorda’s  investment  company,  The  Canopy 
Group.  Noorda  replaced  Yarro  and  took  control  again 
of  the  venture  capital  firm  he  founded  and  funded. 

Think  this  is  some  obscure  industry  sideshow?  Think  again.  Yarro 
was  the  architect  of  The  SCO  Group’s  assault  on  Linux  and  its  cor¬ 
porate  users.  Yarro  used  his  position  to  turn  a  Noorda-funded  Linux 
start-up  named  Caldera  into  the  anti-Linux  litigation  machine  SCO. 
But  now  Ray  is  back,  and  Yarro  is  gone.  And  that  means  . . .  what? 


For  Noorda,  it  means  a  return  to  the  spot¬ 
light.  Until  the  mid-1990s,  he  was  a  true  IT  in¬ 
dustry  heavyweight,  the  man  who  grew  Novell 
from  a  little  Utah  company  into  a  powerhouse. 
Novell’s  NetWare  was  the  LAN  operating  sys¬ 
tem  that  helped  PCs  gain  a  foothold  in  corpo¬ 
rate  IT. 

Then  Noorda  decided  to  go  after  Microsoft 
head-on.  As  Novell  CEO,  he  bought  Unix  from 
AT&T  and  added  WordPerfect  and  Quattro  Pro 
to  compete  with  Word  and  Excel.  That  made 
Novell’s  board  nervous,  and  it  pushed  the  ag¬ 
gressive  Noorda  out  in  1994.  He  was  70. 

He  didn’t  exactly  slow  down.  Noorda  had  al¬ 
ready  earmarked  his  billion-dollar  fortune  for 
charity  after  he  died.  He  became  a  venture  capi¬ 
talist  to  make  the  pile  even  bigger.  His  invest¬ 
ments  in  Utah  high-tech  start-ups  did  well. 

One  of  those  bets  was  on  Linux  in  1995,  when 
a  Noorda  start-up  called  Caldera  launched  an 
early  commercial  Linux  distribution. 

And  in  1996,  Noorda  bankrolled  a  lawsuit  ac¬ 
cusing  Microsoft  of  unfair  competition  against 
an  MS-DOS  competitor  named  DR-DOS. 
Microsoft  eventually  paid  $275  mil¬ 
lion  to  settle  the  case. 

Finally,  in  1998,  Noorda  stepped 
away,  handing  over  day-to-day  con¬ 
trol  of  Canopy  to  Yarro.  That’s 
when  things  got  ugly. 

According  to  a  lawsuit  filed  by 
Noorda  and  Canopy  in  January, 

Noorda  trusted  Yarro  to  do  what 
was  right  for  Canopy  and  the  chari¬ 
ties  it  would  someday  feed.  Instead, 
over  the  next  six  years,  Yarro  grant¬ 
ed  himself  and  two  associates  most 
of  Canopy’s  stock,  along  with  more 
than  $20  million  in  allegedly  im¬ 


proper  bonuses  and  more  than  $100  million  in 
stock  options.  Noorda  wants  that  money  back. 

Yarro  has  filed  his  own  lawsuit,  claiming  that 
by  2003  Noorda’s  memory  and  health  were  bad 
and  he  “became  incapacitated  and/or  subject  to 
undue  influences.”  He  says  Noorda  was  manip¬ 
ulated  into  firing  him  by  Yarro’s  rivals,  includ¬ 
ing  Noorda’s  daughter.  Yarro  and  his  associates 
want  their  jobs  back,  plus  $100  million,  and  they 
want  Noorda  kicked  off  his  own  board. 

But  for  now,  Yarro’s  the  one  who’s  out  at 
Canopy.  He’s  still  SCO  Group  chairman,  but 
that  may  last  only  until  Canopy  offers  a  new 
slate  of  directors. 

What  about  Noorda?  Is  he  really  out  of  it? 
That’s  tough  to  buy.  It  was  just  a  few  years  ago 
that  a  Computerworld  reporter  caught  up  with 
Noorda,  hoping  to  get  a  comment  on  Micro¬ 
soft’s  antitrust  troubles.  She  didn’t  get  the 
quote.  But  when  she  mentioned  in  passing  that 
she  needed  a  new  car,  Noorda  —  who  also 
owned  a  string  of  auto  dealerships  —  was  sharp 
enough  to  turn  the  interview  into  a  sales  pitch. 

That’s  Ray:  hardheaded,  aggressive,  cagey,  his 
eye  always  on  the  customer. 

So  when  he  takes  control  of 
SCO’s  Linux  litigation,  we  can  be 
pretty  sure  one  set  of  lawsuits  will 
go  away  almost  immediately:  the 
ones  aimed  at  corporate  Linux 
users.  At  80,  Noorda  may  have  lost 
a  step.  But  he’ll  never  be  so  far 
gone  that  he’ll  think  it’s  a  good  idea 
to  sue  his  own  customers. 

And  the  suits  against  Novell,  Red 
Hat  and  IBM?  For  now,  there’s  no 
telling.  But  if  old  hardheaded,  ag¬ 
gressive,  cagey  Ray  really  is  back, 
we’ll  soon  find  out.  ©  52364 


frank  hayes.  Computer- 
world's  senior  news  colum¬ 
nist,  has  covered  IT  tor  more 
than  20  years.  Contact  him  at 

{rank.hayes@computerworld.com. 


Hard  Problems,  Easy  Solutions 

This  classified  research  lab  is  essentially  a  steel  vault 
with  interlocking  electric  doors.  “Power  was  lost  one 
morning,  the  backup  generator  failed,  and  people  in 
the  lab  were  trapped  in  utter  darkness  for  a  long  hour,” 
says  a  pilot  fish  there.  An  investigation  reveals  that  the 
generator  was  never  tested,  so  management  moves 
quickly  to  make  sure  the  incident  is  never  repeated: 
“Within  a  week,”  fish  reports,  “every  employee  on  the 
project  was  issued  a  glow-in-the-dark  light  stick.” 

Aha!  everything  else 

Attorney  calls  SHARK  is  sent  to  India, 

his  firm’s  help  ti  |||#^  When  I  got 

desk,  complain-  I  All  Itak.  back  to  my 

ing  that  the  desk,  I  started 


sound  isn’t  working  on 
his  PC,  “He  had  gone 
into  the  volume  icon  at 
the  bottom  of  his  screen, 
and  the  volume  was 
turned  up,’*  pilot  fish 
says.  “I  talked  him 
through  some  more 
settings  in  the  Control 
Panel  for  sound  volume. 
We  finally  got  down  to  a 
setting  called  ‘speaker 
volume.’  I  asked  him 
what  that  was  set  at.  He 
said,  ‘Sixty  percent  or 
so.  But  you  know,  I  don’t 
have  speakers.’  ” 

Details,  Details 

Pilot  fish’s  company  is 
bought  by  a  much  bigger 
outfit,  and  he  figures  it’s 
a  great  new  opportunity 
-  until  the  new  boss 
speaks  at  an  all-hands 
meeting.  “First  he  talked 
about  how  his  company 
had  50  stateside  devel¬ 
opers  when  it  was 
bought  by  the  new  par¬ 
ent  firm,”  fish  says. 
“Most  of  the  speech  was 
about  how  they  were 
going  to  streamline  the 
company  to  make  it 
more  competitive.  At  the 
end  of  his  speech,  he  ca¬ 
sually  mentioned  how 
they  only  have  five  state¬ 
side  developers  doing 
prototyping  work,  and 


:  sending  out  resumes.” 

{ By  the  Numbers 

i  Support  pilot  fish  needs 
j  a  port  to  be  opened  in 
j  the  newly  installed  com- 
j  pany  firewall.  So  he  in- 
j  structs  trainee  to  ask 
j  firewall  admins  to  open 
j  Port  3456,  https  out- 
j  going.  “Just  tell  him: 
j  Port  three,  four,  five,  six, 
j  https  outgoing,”  fish 
i  says.  Phone  rings  15 
j  minutes  later.  Do  you 
j  really  want  Ports  3, 4, 5 
j  and  6  opened,  and  why? 
j  asks  firewall  admin, 
j  When  trainee  returns,  he 
i  proudly  tells  fish,  “The 
j  firewall  guy  asked  if  I 
j  wanted  3456  https  out- 
j  going,  but  I  specifically 
j  told  him  no,  we  really 
j  need  3, 4, 5  and  6.” 

|  WYSIWYG 

\  New  user  swears  she 
j  knows  her  password  but 
j  can’t  log  in.  “I  try  her 
j  password  and  log  right 
j  in,  so  I  ask  her  to  try 
j  again,”  support  pilot  fish 
j  says.  “Then  I  notice  that 
i  as  she  says  each  letter, 

!  she’s  hitting  the  asterisk 
i  key.  Turns  out  she 
j  watched  other  people 
j  log  in  and  could  only  see 
!  stars,  so  that’s  what  she 
!  tried  over  and  over.” 


OTHATS  SHARKY:  *-*-*-*-*-*.  Send  me  your  true 
tale  of  IT  life  at  sharky@computerworid.com.  You’ll 
snag  a  snappy  Shark  shirt  if  I  use  it.  And  check  out  the  daily 
feed,  browse  the  Sharkives  and  sign  up  for  Shark  Tank 
home  delivery  at  computerworld.com/sharky. 
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A  lot  of  products  claim  to  reduce  the  complexity  and  cost  of  enterprise 
backup.  But  one  actually  delivers — the  Scalar®  i2000,  part  of  the  growing 
iPlatform  ™  family  from  ADIC,  the  leading  provider  of  tape  libraries  for 
open-systems  backup.  * 

Embedded  intelligence.  The  Scalar  i2000  is  the  first  library  to  integrate 
advanced  management  functions — proactive  monitoring,  built-in  partitioning, 
automated  diagnostics,  and  I/O  management — so  it  delivers  faster  and  more 
reliable  backup  and  uses  less  of  your  budget,  time,  and  staff. 

Faster  resolution,  fewer  service  calls.  Smarter  diagnostics  and  dedicated 
service  teams  mean  fewer  interruptions  and  faster  resolution.  The  Scalar 
i2000  requires  half  the  service  calls  of  conventional  libraries.  And  the 
worldwide  ADIC  service  team  solves  problems  before  customers  see  them. 

Capacity  on  demand.  As  its  name  suggests,  the  Scalar  i2000  is  designed  to 
scale  with  your  storage  needs.  So  you  don't  have  to  worry  about  running  out 
of  space  or  paying  for  more  than  you  need. 

After  all,  you  were  hired  to  use  your  brains  for  more  important  things. 

•Market  share  from  Gartner  Dataquest,  Tape  Automation  Systems  Market  Shares,  2003,  F.  Yale,  April  2004. 


Visit  www.adic.com/i2k  to  get  your  free  Aberdeen  Group  white  paper: 

Taking  an  Intelligent  Step  Forward  in  Tape  Backup  and  Restore. 


Intelligent  Storage' 


Available  through  EMC  Corporation,  your  complete  source  for  information  lifecycle 
management  solutions.  Call  your  local  ADIC  or  EMC  sales  representative  for  more  information. 

Copyright  2005  Advanced  Digital  Information  Corporation  (ADIC),  Redmond,  WA,  USA.  All  rights  reserved.  Created  in  USA. 
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where  information  lives* 


THE  BRAINS  TO  BACK  IT  UP 


Oracle  Database 

World's  #1 
^For  Small 


Database 

Business 


Easy  to  use.  Easy  to  manage.  Easy  to  buy  at  Deli. 
Only  $149  per  user. 


dell.com/database 
or  call  1.888.889.3982 

Terms,  conditions  and  limitations  apply.  Pricing,  specifications,  availability  and  terms  of  offers  may  change  without  notice. 
Taxes,  fees  and  shipping  charges  extra,  vary  and  are  not  subject  to  discount.  U.S.  Dell  Small  Business  new  purchases  only. 

Dell  cannot  be  responsible  for  pricing  or  other  errors.  Oracle  Database  Standard  Edition  One  is  available  with  Named  User 
Plus  licensing  at  $149  per  user  with  a  minimum  of  five  users  or  $4995  per  processor.  Licensing  of  Oracle  Standard  Edition 
One  is  permitted  only  on  servers  that  have  a  maximum  capacity  of  2  CPUs  per  server. 

For  more  information,  visit  oracle.com/standardedition 

Copyright  ©  2004,  Oracle.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 


